Re: Dropping 'fringe' pixbuf loaders

[Bastien Nocera <hadess hadess net>]

On Mon, 2015-09-21 at 18:38 -0400, Matthias Clasen wrote:
> On Mon, Sep 21, 2015 at 5:10 PM, Cosimo Cecchi <cosimoc gnome org>
> wrote:
> > On Mon, Sep 21, 2015 at 1:01 PM, Owen Taylor <otaylor redhat com>
> > wrote:
> > > Do we trust this code or not? If not, we should either a) sandbox
> > > it or b) delete it.
> > >
> > > Moving less-trusted loaders into a separate repo is a blame-the-
> > > user or blame-the-os-vendor move, depending on who installs them
> > > onto the system.
> > The only way to prevent the blame game you mention in a typical
> > distribution where everything is installed through packages would
> > be to stop supporting out of tree modules entirely, if I interpret
> > your concern correctly.
> >
> > My point is that as long as that's the case, at least maintaining
> > them in a central location gives people an aggregation point for
> > fixes.
> But they are not being maintained by anybody, and the fixes have not
> been aggregating... every few years some security researchers decide
> to have a look at image loaders, and then we get a bunch of overflows
> and corruptions reported, and either me of Benjamin grudgingly fix
> them. And both of us are tired of doing that.

I would argue that at least I have taken care of some of that work at
the end of 2014. I didn't get to see coverity scans or cppchecks, but
this isn't the most complicated code to fix up and review.

If removing some of those loaders helps lighten the number of potential
bugs, sure, go for it.

As for removing those loaders, I'd double-check whether GIMP has native
support for those (not through a gdk-pixbuf loader), so that at least
some modicum of support is left for those, making it less likely that
we'll crash when somebody has a duff file in their file manager.

Cheers