[Kde-imaging] extragear/libs/kipi-plugins/rawconverter [POSSIBLY UNSAFE]
Angelo Naselli
anaselli at linux.it
Tue Oct 10 16:49:43 CEST 2006
Alle 15:14, martedì 10 ottobre 2006, Gilles Caulier ha scritto:
> On Tuesday 10 October 2006 14:59, Angelo Naselli wrote:
> > Alle 14:35, martedì 10 ottobre 2006, Gilles Caulier ha scritto:
> > > SVN commit 594192 by cgilles:
> > >
> > > kipi-plugins from trunk : RAW Converter : bye bye external dcraw depency
> > > :
> > >
> > > Raw onverter plugin use a dedicaced dcraw binary program to run. This is
> > > mandatory since dcraw author have broken the command line options
> > > compatibility with the 8.x serie.
> > >
> > > Also, dcraw is not available like a library!
> > >
> > > The dcraw.c source code embeded in plugin is just a copy of official
> > > implementation, but this one have been completly tested with plugin.
> >
> > Does that mean we do have to maintain old dcraw code? Or it's a
> > a temporary solution?
>
> No. The code to maintain is the dcrawiface class, and only when we want to
> do !
>
> I want mean that when we want to update the dcraw.c implementation using the
> dcraw offical web page (look in Makefile.am for details), we just need to
> _copy_ the dcraw.c into svn.
>
> After, we check if :
>
> - it compile.
> - an option syntax have changed. If yes, dcrawiface.cpp implementation need to
> be fixed
> - all regression tests work fine using the plugin.
That unfortunately means, yes.
What happens if, I don't say it is but if, a security problem on dcraw is present?
You should fix it here and in digikam. How can you do that? Doing by yourself or
backporting from dcraw trunk if present, but that unfortunately is not the same version
as we're using...
That is similar to have a fork of dcraw, and if, as you said, there are a lot of people
who want to have libdcraw why not to implement it? of course with someone
that wants to maintain it...
Just my 2 cents.
Angelo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-imaging/attachments/20061010/69aa10b0/attachment.pgp
More information about the Kde-imaging
mailing list