intrigeri+debian at boum.org
2011-Aug-19 15:23 UTC
[Secure-testing-team] rst2pdf: Contains embedded code copy: pdfrw
Package: rst2pdf Version: 0.16-1.1 Severity: normal Hi, rst2pdf contains a copy of the pdfrw library[0], which both the Debian Policy (4.13) and the security team dislike (for good reasons, if you ask me). I discovered this since I, as part of a team, intend to package mat[1], which also uses pdfrw. Chris, do you want to package pdfrw separately? [0] http://code.google.com/p/pdfrw/ [1] https://gitweb.torproject.org/user/jvoisin/mat.git Bye, -- intrigeri <intrigeri at boum.org> | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Then we''ll come from the shadows.
micah anderson
2011-Aug-22 13:43 UTC
[Secure-testing-team] rst2pdf: Contains embedded code copy: pdfrw
Hello, On Fri, 19 Aug 2011 17:23:42 +0200, intrigeri+debian at boum.org wrote:> Package: rst2pdf > Version: 0.16-1.1 > Severity: normal > > Hi, > > rst2pdf contains a copy of the pdfrw library[0], which both the Debian > Policy (4.13) and the security team dislike (for good reasons, if you > ask me). I discovered this since I, as part of a team, intend to > package mat[1], which also uses pdfrw.Thanks for the report, I noticed that pdfrw is not in Debian, at least that I could find. Nor do I find anyone filing an ITP for the package. Please correct me if this is wrong! A good first step to resolving this embedded code copy would be to get that library into Debian. Does anyone intend to package this? I''ve added rst2pdf to the embedded code copies list so it can be properly tracked. micah -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110822/7336c871/attachment.pgp>
Chris Lamb
2011-Aug-22 13:55 UTC
[Secure-testing-team] Bug#638507: rst2pdf: Contains embedded code copy: pdfrw
Hi micah,> A good first step to resolving this embedded code copy would be to get > that library into Debian. Does anyone intend to package this?I plan to upload it over the next day or so.> I''ve added rst2pdf to the embedded code copies list so it can be > properly tracked.Thanks for tracking this. Hopefully will be in touch soon to get it removed. Regards, -- ,''''`. : :'' : Chris Lamb `. `''` lamby at debian.org `-
Chris Lamb
2011-Aug-22 15:21 UTC
[Secure-testing-team] Bug#638507: rst2pdf: Contains embedded code copy: pdfrw
Chris Lamb wrote:> I plan to upload it over the next day or so.Found some time - it is sitting in NEW now. Regards, -- ,''''`. : :'' : Chris Lamb `. `''` lamby at debian.org `-
micah anderson
2011-Aug-24 12:11 UTC
[Secure-testing-team] Bug#638507: rst2pdf: Contains embedded code copy: pdfrw
On Mon, 22 Aug 2011 16:21:57 +0100, Chris Lamb <lamby at debian.org> wrote:> Chris Lamb wrote: > > > I plan to upload it over the next day or so. > > Found some time - it is sitting in NEW now.Thanks! Please, CC me when rst2pdf has been fixed to link against pdfrw, so I can update the embedded code copies list. micah -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110824/d5e3bb69/attachment.pgp>