[DebianGIS-dev] Bug#603470: libmapnik0.7: package linked against broken external AGG

David Paleino dapal at debian.org
Mon Nov 15 17:44:11 UTC 2010 

Dear Security and Release Teams,

On Mon, 15 Nov 2010 12:07:56 +0100, Sven Geggus wrote:

> Francesco P. Lovergine schrieb am Montag, den 15. November um 11:19 Uhr:
> 
> > My best guessing is moving to the embedded copy if resulting issues are
> > grave enough to compromise its use.
> 
> There are occasional hangs of the rendering library resulting in 100% CPU
> usage.

I'm writing to you because of #603470. The obvious solution is to link against
the internal patched libagg, and this is what mapnik upstream is expecting us to
do.

The AGG+Mapnik case is unfortunate; the problem is twofold: upstream relicensed
the code from MIT to GPL-2 from versions 2.4 → 2.5 (and Mapnik is LGPL, so
we're basically restricting its usage when linking to the GPL library), and
development of AGG has now stopped.
It seems like there are some forks in the wild of the 2.4 branch (because of
license concerns). Mapnik embeds a patched 2.3 version of AGG -- I'd like to
know if:

- security team: would it be acceptable to use the embedded copy?
- release team: would such a change have a freeze exception granted? (attaching
  diff -- the only change is the drop of INTERNAL_LIBAGG=no, but I split it to
  make it easier to read in future)

Thank you,
David

-- 
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mapnik.patch
Type: text/x-patch
Size: 1493 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20101115/42a1aae3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20101115/42a1aae3/attachment.pgp>

More information about the Pkg-grass-devel mailing list