> From: Alan Coopersmith <alan.coopersm...@oracle.com>
>
> A pretty convenient way to make your software full of security holes
> and other bugs if you don't spend the time to update it for every upstream
> patch, at which point you'll find that it's not all that convenient
> compared to just using a shared library.

*sigh* people assume FreeType is only used for operating systems. How many times do I have to repeat the use-case for embedding both FreeType, and a font, within a desktop or smartphone application? For cases where the user cannot choose the font, there is no security hole.

>Amalgamation can be a way to make updating more convenient...Replacing
>old versions of freetype.c and freetype.h with newer versions of those same
>two files is far more convenient than replacing an old set of Freetype source
>files with a newer set, especially if files are renamed, removed, or added
>between versions.

Right on! That's exactly what I'm talking about.

>My only concern about the amalgamated version of Freetype is that I don't know
>if it will continue to be maintained. For that reason, we haven't yet switched
>over to using the amalgamated version except experimentally.

It will be maintained, and I have plans for improving the amalgamated distribution further. I've already added a feature for reducing the size of the result, to shave about 570kb off the FreeType amalgamation. I would also like to implement a "config" header file that lets certain portions of FreeType get turned off and on easily with preprocessor directives. And there will be a COMMITLOG file that tracks exactly what's in the amalgamation by quoting the entire commit log from which it was generated, along with proper tags in the git repository to refer to specific releases of FreeType.

>Currently, if I'm not mistaken, the amalgamation tool itself is not
>cross-platform. I haven't tried running it to produce the amalgamation myself.
>I've only tried using versions of freetype.c and freetype.h that Vinnie has
>made available. I would love to see the amalgamation tool become
>cross-platform and part of the Freetype project itself.

Fully cross platform! The one thing that is not cross platform is the .bat file that drives it but that could be easily ported since it's just a lot of command line switches.

To get it into FreeType you would need the tool (which is itself just one source file, and one amalgamated multiplatform Juce module), the amalgamation templates, and a script to drive it. These are all open source. Before jumping to include it in the official distribution, I suggest giving it a week or two until I've made all the improvements I can make.

Someone needed access to FT_Glyph which, if I am not mistaken, is not available from a straight include of <freetype.h>. So I added the include to the amalgamated headers. If there are any other optional header files that I've forgotten let me know and I will add them. Also, if there is anything I can do to improve the amalgamated distribution I would be more than happy to do so.

Thanks