[7951] in testers
Re: Debathena beta
daemon@ATHENA.MIT.EDU (Evan Broder)
Sat Mar 14 19:04:46 2009
Message-ID: <49BC37D2.6000608@mit.edu>
Date: Sat, 14 Mar 2009 19:03:46 -0400
From: Evan Broder <broder@MIT.EDU>
MIME-Version: 1.0
To: Alex T Prengel <alexp@mit.edu>
CC: Mike Khusid <mkhusid@mit.edu>, testers@mit.edu, agrawalr@mit.edu
In-Reply-To: <200903142137.n2ELbnIS018068@dit.mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
We do also install a local acroread attachandrun script, so you
shouldn't even need to "add acro" in most cases.
I think the security (and updates in general) point is a valid one. From
looking at the Mediubuntu repository, I'm very skeptical of their
ability to respond to security updates in a timely matter.
Unlike Ubuntu, which has dedicated security teams (which include
Canonical employees), Mediubuntu seems to be maintained by 9 volunteers.
They probably aren't included in cross-distribution discussions such as
vendor-sec. They also seem to be just slow on their development work -
according to <http://packages.medibuntu.org/>, they didn't start
building packages for Jaunty until late January - halfway through the
Jaunty development cycle.
- Evan
Alex T Prengel wrote:
> Hi,
>
> I'm the maintainer of the acro locker. I intend to keep maintaining it for
> the forseeable future, unless we decide to install the mediubuntu version,
> so add "acro; acroread" will continue to launch acroread. I haven't carefully
> read the license for each, but from experience with Adobe I strongly suspect
> the licenses will be very similar if not identical.
>
> I realize this will make it somewhat slower to launch, but an argument
> for continuing to run it from a locker is that there has been a long
> succession of serious security vulnerabilities, including a current one
> that is not yet patched. I doubt it will be the last. I can most likely
> get a patched update out in a locker quite a while before Ubuntu releases
> one.
> Alex
>
>
>> Considering acroread was provided in Athena 9, it got to be available
>> under the same terms for other Linux distros. It's the same product,
>> after all. I doubt Medibuntu packaging changes the license terms in any
>> way. But I am not expert on software licensing.
>>
>
>
>> Mike
>>
>
> Rohan Agrawal wrote:
>
>>> Hello,
>>>
>>> Thanks for the response.
>>>
>>> Regarding acroread, I know it exists in medibuntu, so if there aren't
>>> legal issues with using medibuntu, it wouldn't be more work to have
>>> acroread installed. Aside from just having a much more polished feel
>>> than evince, I think acroread's printing options (specifying the lpr
>>> command, multiple pages per sheet, etc) are very nice. I understand
>>> that there might be license issues with using medibuntu though.
>>>
>>> About the java plugin, I don't have any problem with openjdk. My
>>> comment was more about consistency - the computer I used had the sun
>>> jdk, but the icedtea plugin, and thus the openjdk jre. I figured it
>>> should either be sun jdk and sun plugin, or openjdk and icedtea plugin.
>>>
>>> Thanks,
>>> Rohan
>>>
>>> On Fri, 2009-03-13 at 20:03 -0400, Evan Broder wrote:
>>>
>>>> Hi Rohan -
>>>> Thanks for getting in touch.
>>>>
>>>> Rohan Agrawal wrote:
>>>>
>>>>> 1. Why has it been decided not to install acroread locally? I
>>>>> imagine many people would prefer it to evince, and running it
>>>>> from the locker is quite slow.
>>>>>
