[tex-live] TeXLive2007: Bug in (Xe)TeX for 64bit and big endianess

Hans Hagen pragma at wxs.nl
Wed May 9 12:58:34 CEST 2007

> 2007/5/9, Hans Hagen <pragma at wxs.nl>:
>> Dr. Werner Fink wrote:
>> > Updates within an old distribution are nogoes for distributors. This
>> > because you can not destroy certifications and tested states of an
>> > existing product by getting unkown side effects with new binaries
>> > in an existing package.  The way to go is to fix the security issue
>> > and provide an update with a binary patch on the existing package.
>> > Our QA would never accept a full update to an new version of texlive
>> > on an old product line without a real BETA testing session.
>> >
>> sure, but i'm not talking of a massive update, just the self contained
>> pdftex binary, which is one file
> No. You follow the principle of least surprise and change only what
> you must change, i.e. security fixes.
> Imagine a customer (we're talking about SLES here) relying on bugs
> (i.e. having worked around them) in 1.30 complaining that his app
> doesn't work anymore because you silently replaced his pdftex with
> 1.40.
well, if one makes workaround that is not checking versions, then one is in trouble anyway and should have reported that bug in the first place; normally bugs in pdftex are solved pretty fast so writing a workaround may have taken more time. 

also, i assume that security issues (as well as fixes and side effects)  are investigated first; it may be that pdftex is never affected by the issue at all, in which case no update is needed (btw, for me 'security fix' is just a nice word for a 'programming error' or 'severe bug' which may happen to have a security side effect; to some extend i guess that users can mess up their live more with using tex the wrong way than with some occasional crash, which if i remember right has not happend that often, esp not in library parts but i may be wrong) 


