poppler, security updates in general...
Clemens Lang
cal at macports.org
Wed Jan 10 09:20:29 UTC 2018
Hi Perry,
----- On 9 Jan, 2018, at 18:27, Perry E. Metzger perry at piermont.com wrote:
> I note the version of poppler we're shipping is pretty old, and that
> there are CVEs outstanding against it.
>
> Am I correct in assuming that as things stand, we mostly depend on
> port owners to track security updates on behalf of the project and
> that there isn't a security officer or any such thing? (Not
> complaining, just seeking clarification.)
That's correct. It would be nice if we had some tooling that could check
for CVEs we haven't fixed yet. If you would like to grab some of the
existing open source tooling and modify it so it uses the MacPorts ports
tree as input, that would be great.

A while ago somebody on the list had a project that would import MacPorts
ports into a format common for all package managers (and provide a
webservice + website for that). Maybe that could be used here?
--
Clemens Lang
More information about the macports-dev mailing list