[Debian-med-packaging] We need a global decision about R data in binary format, and stick to it.

Ian Jackson ijackson at chiark.greenend.org.uk
Mon Aug 5 14:17:01 UTC 2013


Bastien ROUCARIES writes ("Re: We need a global decision about R data in binary format, and stick to it."):
> Le 5 août 2013 15:42, "Paul Tagliamonte" <paultag at debian.org> a écrit :
> > IMVHO, this is the same as how we should treat images (I mean, for any
> > data format, not just this one case of a pickled object) - if the image
> > was a photo, clearly the .jpg or .png or whatever we get is the best way
> > to communicate this data, but if the image was generated off an .svg,
> > it should be distributed with it (and even rebuilt at build-time).
> 
> Could we made an exception for specially crafted image in order to exercice
> buffer oveeflow ? (I think particularly art libpng ImageMagick)

I think this is something of a red herring corner case, and not really
related to the question about R binary objects.

If the last thing that happened to the image file was that upstream
edited it with a hex editor to introduce a buffer overflow, then the
resulting binary file is the preferred form for modification (after
all, that's how the last person to do so modified it...)

Ian.



More information about the Debian-med-packaging mailing list