Fwd: Ophaning lcms(1)

Sandro Mani manisandro at gmail.com
Tue Jun 3 09:32:16 UTC 2014

On 02.06.2014 23:07, Toshio Kuratomi wrote:
> On Mon, Jun 02, 2014 at 10:39:56PM +0200, Nicolas Chauvet wrote:
>> python-pillow-2.2.1-4.fc20.src.rpm
> This one can be fixed by upgrading to 2.3.0 (or greater.  2.4.0 is current).
> 2.4.0 is what's in rawhide.  Not sure if that's safe to push back to f20 and
> earlier.  (Although I see that there's an insecure use of tempfile CVE that
> was ficed in 2.3.1 so maybe it makes sense to update even if there is API
> breakage.)
> @smani: Do you have more information here?
> -Toshio
The API has never been broken as far as I can tell. I guess we could 
update to 2.4.0 (although given the number of packages which depend on 
pillow I wasn't planning to do so in a stable release), or otherwise we 
could backport [1]. But, more generally, why introduce such a change in 
a stable release? Can't lcms just be removed for F21+?


[1] https://github.com/python-pillow/Pillow/pull/380

More information about the devel mailing list