[tex-live] TeXLive2007: Bug in (Xe)TeX for 64bit and big endianess

Frank Küster frank at kuesterei.ch
Wed May 9 14:11:06 CEST 2007


Hans Hagen <pragma at wxs.nl> wrote:

> � wrote:
>> 2007/5/9, Hans Hagen <pragma at wxs.nl>:
>> Imagine a customer (we're talking about SLES here) relying on bugs
>> (i.e. having worked around them) in 1.30 complaining that his app
>> doesn't work anymore because you silently replaced his pdftex with
>> 1.40.
> well, if one makes workaround that is not checking versions, then one
> is in trouble anyway and should have reported that bug in the first
> place; 

The bug may or may not have been reported, that's irrelevant.

> normally bugs in pdftex are solved pretty fast so writing a
> workaround may have taken more time. 

No, if you've bought a certified system you won't bother yourself with
updating single binaries, that's not what you paid for.  Moreover, the
very purpose of using such a certified and stable system is that you
need *not* check versions in your implementation.  Before your vendor
stops their support for this version, you have time to plan the upgrade
carefully and test all implementations and workarounds.  But this is at
a predictable point in time (and it might be possible to move it by
paying), not at a random time when a security issue pops up.

> also, i assume that security issues (as well as fixes and side
> effects)  are investigated first; it may be that pdftex is never
> affected by the issue at all, in which case no update is needed

You're welcome to do this if you think you have the time and skills.  We
can notify you whenever a CVE is published, and after some time of
productive working you might even get embargoed information before it
goes public.  That way, I assume that in fact many fixes against xpdf
code need not be applied to the pdftex sources.

However, you'll have to commit yourself to this task quite definitely
and firmly, in order to convince vendors that this is a better
alternative than using a shared library which is trivial to exchange.

Regards, Frank

-- 
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)

