[ACTION NO LONGER REQUIRED] Retired packages for F-17

Richard W.M. Jones rjones at redhat.com
Mon Mar 5 13:44:34 UTC 2012


On Mon, Mar 05, 2012 at 07:17:21AM -0600, Bruno Wolff III wrote:
> On Mon, Mar 05, 2012 at 13:03:09 +0000,
>   "Richard W.M. Jones" <rjones at redhat.com> wrote:
> > 
> > ocaml-camlimages?  I've kicked this package out of Fedora because
> > camlimages has a dead upstream *and* a lengthy history of security
> > bugs.  It contains old C code pasted from various places, and really
> > shouldn't be used.  The right way to do this is to use OCaml bindings
> > for libpng, libungif etc.  (Debian even did some of this work, but
> > didn't contribute anything back upstream ...)
> 
> There has been an update since the package was removed. I don't see
> a lot happening now, but at some time between when it was dropped and
> now there was activity. (It went from 3.0.2 to 4.0.1.)

Well, I take back some of what I said before.  In the new version
(4.0.1) the cut-and-paste C code for reading and writing images has
been replaced with use of the appropriate libraries (libpng, libjpeg,
libungif, freetype).  This is very encouraging, and shows that this
new upstream is back on track.

I'm still dubious about the image processing code, since that seems to
duplicate the functionality of things like cairo, but at least (a)
it's written in OCaml so it'll be robust from buffer overflows etc.,
and (b) it's not likely to be security sensitive because it doesn't
read directly from image files.

Anyhow, go for it, don't let me discourage anyone from packaging
things for Fedora.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/

