musescore 2.0.3+dfsg-1

Fabian Greffrath fabian at debian.org
Sat Jul 16 15:23:38 UTC 2016


Hi Peter,

On Friday, 15.07.2016, 14:16 +0100, Peter Jonas wrote:
> the policy itself. This policy explicitly allows bundling when a
> package is "explicitly intended to be used in this way." MuseScore is

I am sorry but I believe that Jonas is right and you misunderstood this
part of Policy. It reads "Debian packages should not make use of these
convenience copies unless the included package is explicitly intended
to be used in this way". In this case *the included package* is
freetype and it is definitely not intended to be used this way. Policy
is rather explicit on how to further proceed in this case:

https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles

So, what libraries could probably be intended to be used this way? I
think there are only very few exceptions, for example speed-optimized
math libraries with hand-crafted ASM code that would suffer from
register shortage on certain architectures if compiled as PIC (e.g.
djbfft); or maybe header-only libraries that only consist of static
inline functions and macros (though I currently have no example for
these at hand).

> not likely to be a priority for the developers of Freetype. MuseScore
> needs to know the exact size and position of every symbol on the page
> to be able to lay them out efficiently without causing collisions. In
> an ordinary text document slight differences in kerning between
> operating systems might cause a word to be moved onto the next line,

It seems to me what MuseScore is actually looking for is an entire
static font rendering stack. Please note that freetype is only a part
(though a very important one) of the whole font rendering stack. There
are plenty of other libraries involved that could modify the result of
fonts being rendered on screen, e.g. harfbuzz, fontconfig and
pango/cairo. I am sure you are not going to include known-working
copies of these as well.

Also:

$ zgrep CVE /usr/share/doc/libfreetype6/changelog.Debian.gz  | wc -l
53

So, no, please don't do that!

 - Fabian
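
The `zgrep CVE ... | wc -l` figure in the message counts changelog lines; it does not say which fixes an embedded copy of a given version would be missing. The following is an added example, not part of the original message: it lists the distinct CVE ids recorded in a Debian-format changelog from the bundled upstream version onwards. The function names, the `libexample` package and the CVE ids are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original message). Assumption: the bundled copy
# is unpatched upstream source of version $1, so it lacks every fix recorded
# in newer entries and in Debian revisions of that same upstream version.

# cves_since UPSTREAM_VERSION [CHANGELOG...]: print each distinct CVE id once.
cves_since() {
    bundled=$1; shift
    awk -v bundled="$bundled" '
        /^[a-z0-9][a-z0-9+.-]* \(/ {          # entry header: "pkg (version) ..."
            ver = $2
            gsub(/[()]/, "", ver)
            sub(/^[0-9]+:/, "", ver)          # drop epoch
            sub(/-[^-]*$/, "", ver)           # drop Debian revision
            if (seen_bundled && ver != bundled) exit   # older upstream: stop
            if (ver == bundled) seen_bundled = 1
            next
        }
        {
            line = $0                          # a line may name several CVEs
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (!(id in seen)) { seen[id] = 1; print id }
                line = substr(line, RSTART + RLENGTH)
            }
        }
    ' "$@"
}

# Constructed changelog (newest entry first); package name and CVE ids are placeholders.
sample_changelog() {
    cat <<'EOF'
libexample (1.3.0-2) unstable; urgency=high
  * Fix CVE-0000-0003 and CVE-0000-0004.
libexample (1.3.0-1) unstable; urgency=medium
  * New upstream release, includes the fix for CVE-0000-0003.
libexample (1.2.0-2) unstable; urgency=high
  * Backport fix for CVE-0000-0002.
libexample (1.2.0-1) unstable; urgency=low
  * New upstream release.
libexample (1.1.0-1) unstable; urgency=low
  * Fix CVE-0000-0001.
EOF
}

sample_changelog | cves_since 1.2.0
```

On a real system the changelog can be piped in the same way, e.g. `zcat /usr/share/doc/libfreetype6/changelog.Debian.gz | cves_since <bundled version>`.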