On Sun, 2017-03-05 at 17:36 -0700, Sean Whitton wrote: > control: noowner -1 >
> > OK, got it. Are you still interested to sponsor this package, now when > > you know about status quo? If so, I'll create an account at > > alioth.debian.org and we'll continue from there. > > I was hoping that you could provide a counter-argument to allay my > concerns about security. Since you don't seem to have a response to the > issues I've raised, I wouldn't be comfortable uploading xpdf. I don't see where your concerns regarding security are, please explain. Reading more about the bugs in xpdf, the problems are mainly created by the use of poppler as a backend, not when using the _real_ upstream sources. So, if I remove the offending hello.pdf from the upstream source, can you (or somebody else) be the sponsor for this package? Please. I have also contacted the upstream author about the hello.pdf file as well as other issues. Hopefully, he will reply with an updated upstream tarball. Thanks!