[tex-k] [firstname.lastname@example.org: RHN Errata Alert: Command execution vulnerability in dvips]
Sat, 2 Nov 2002 14:19:02 +0100
On 2002-11-02 03:43:45 +0100, Reinhard Kotucha wrote:
> But what I'm more concerned about is that RedHat distributes a dvips
> that behaves different than that on other systems.
> There is absolutely no reason to make any changes to dvips, it is
> absolutely sufficient to send a bug report.
> In my opinion, the best way to go is to put dvips under the LPPL.
> Then dvips would be dvips and RedHat has to distribute it under
> another name, i.e. "dvips_broken_by_RedHat".
NOT. The LPPL has its merits and is usefull for TeX macros
packages et.al., but software like dvips must be free. The
problem here is not the fork (if it was a fork at all, it looks
more like a different configuration at compile time) but the fact
that RH did not communicate in any way with the maintainer.
There's has been an article in slashdot this wek adressing this
very issue from the point of the user: Where should RH users
submit bug repors for dvips? RH? Tom?