Re: Dropping 'fringe' pixbuf loaders

On Mon, 2015-09-21 at 18:38 -0400, Matthias Clasen wrote:

On Mon, Sep 21, 2015 at 5:10 PM, Cosimo Cecchi <cosimoc gnome org>

On Mon, Sep 21, 2015 at 1:01 PM, Owen Taylor <otaylor redhat com>
Do we trust this code or not? If not, we should either a) sandbox
it or b) delete it.

Moving less-trusted loaders into a separate repo is a blame-the-
user or blame-the-os-vendor move, depending on who installs them
onto the system.
The only way to prevent the blame game you mention in a typical
distribution where everything is installed through packages would
be to stop supporting out of tree modules entirely, if I interpret
your concern correctly.

My point is that as long as that's the case, at least maintaining
them in a central location gives people an aggregation point for

But they are not being maintained by anybody, and the fixes have not
been aggregating... every few years some security researchers decide
to have a look at image loaders, and then we get a bunch of overflows
and corruptions reported, and either me of Benjamin grudgingly fix
them. And both of us are tired of doing that.

I would argue that at least I have taken care of some of that work at
the end of 2014. I didn't get to see coverity scans or cppchecks, but
this isn't the most complicated code to fix up and review.

If removing some of those loaders helps lighten the number of potential
bugs, sure, go for it.

As for removing those loaders, I'd double-check whether GIMP has native
support for those (not through a gdk-pixbuf loader), so that at least
some modicum of support is left for those, making it less likely that
we'll crash when somebody has a duff file in their file manager.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]