[tex-k] [rhn-admin@rhn.redhat.com: RHN Errata Alert: Command execution vulnerability in dvips]

Tomas G. Rokicki rokicki@CS.Stanford.EDU
Sun, 03 Nov 2002 17:40:18 -0800

Guys, I'm really sorry; I didn't want this to turn into such a sideshow.

The TeX guys work really really hard at preparing great distributions for
the Linux guys.

The Linux guys bend over backwards to make everything work well.

Redhat found a security problem.  They fixed it.  The fix needs to be
made better, and we will make it better.

The change probably affects a low percentage of TeX users.  Let's just
get it fixed and move on.

I have to take the blame as much as anyone; I've known dvips has various
security issues, and I haven't done the necessary security audit yet.
So blame me.