[Secure-testing-team] rst2pdf: Contains embedded code copy: pdfrw

micah anderson micah at riseup.net
Mon Aug 22 13:43:27 UTC 2011


Hello,

On Fri, 19 Aug 2011 17:23:42 +0200, intrigeri+debian at boum.org wrote:
> Package: rst2pdf
> Version: 0.16-1.1
> Severity: normal
> 
> Hi,
> 
> rst2pdf contains a copy of the pdfrw library[0], which both the Debian
> Policy (4.13) and the security team dislike (for good reasons, if you
> ask me). I discovered this since I, as part of a team, intend to
> package mat[1], which also uses pdfrw.

Thanks for the report, I noticed that pdfrw is not in Debian, at least
that I could find. Nor do I find anyone filing an ITP for the
package. Please correct me if this is wrong!

A good first step to resolving this embedded code copy would be to get
that library into Debian. Does anyone intend to package this?

I've added rst2pdf to the embedded code copies list so it can be
properly tracked.

micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110822/7336c871/attachment.pgp>


More information about the Secure-testing-team mailing list