[Debconf-devel] Seeking help for debconf option
Pavel Sanda
sanda at lyx.org
Thu Feb 2 12:26:03 GMT 2023
Dear Debconf developers,
I am seeking someone's help for implementation of debconf question regarding debian package ImageMagick (IM).
I'll try to be brief to first describe the problem:
1) IM is using for certain coversions ghostscript (GS) in backgrounds.
2) GS has long history of producing new CVEs and at certain moment the conversion policies
in /etc/ImageMagick-6/policy.xml got banned altogether to prevent any future CVEs.
3) This caused some debates (e.g. bug #907336) and it seems that there is overall
agreement that debconf should ask about the policy used byt IM, however no one helped
to produce the patch for this.
4) I am developer of LyX package and for our package IM policy ban of postscript processing
is not some corner case but widely used feature for document processing and causes
continuous flow of complaints from debian/ubuntu users in our mailing list (long time
ago I reported this as #975678).
Would be anyone willing to help and craft a patch which would essentially ask
whether IM policies should be strict towards pdf/postscript processing?
This question can be part of installing LyX or IM in general and would decide
whether the snippet below appears in policy.xml or not:
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
I am not familiar with debconf system but I believe this would be couple lines
for those who are..
CC-ing debian LyX maintainer and Bastien who was active in #907336 discussion.
Thanks in advance,
Pavel
More information about the Debconf-devel
mailing list