[Insight-developers] LIBXML2
Patrick Reynolds
patrick.reynolds at kitware.com
Tue Jan 22 11:59:56 EST 2008
Hello,
I couldn't agree more with Sean's sentiment in regards to keeping libxml2 up
to date. That's always going to be an issue if/when we continue to include
3rd-party libraries in ITK. In the same vein, I think using a library like
libxml2 (widely used, therefore more security fixes than a lesser-known
library) will address security concerns that go along with including such
libraries. That being contingent on being proactive about updating those
libraries.
Also, I'd have to agree with Stephen about the central repository. That
makes a lot of sense as this list of included libraries in VTK and ITK
continue to grow.
Thanks,
Patrick
On 1/22/08, Stephen R. Aylward <Stephen.Aylward at kitware.com> wrote:
>
> Hi,
>
> On the tangent...VTK is about to have another release, I think. I will
> forward your message to the appropriate VTK people.
>
> Perhaps tangential to the tanget...we now have a mechanisms for sharing
> repositories between itk and vtk (and other projects). This is done for
> MetaIO. We can do the same for LibXML2, if it is adopted by itk. Via
> this
> sharing, updating and maintenance is centralized - it should somewhat
> simplify keeping things up-to-date.
>
> Stephen
>
>
>
>
> =======================================
> Stephen R. Aylward, Ph.D.
> Chief Medical Scientist
> Kitware, Inc. - Chapel Hill Office
> http://www.kitware.com
> Phone: (518)371-3971 x300
>
>
> > -----Original Message-----
> > From:
> > insight-developers-bounces+stephen.aylward=kitware.com at itk.org
> >
> > [mailto:insight-developers-bounces+stephen.aylward=kitware.com
> > @itk.org] On Behalf Of Sean McBride
> > Sent: Tuesday, January 22, 2008 10:12 AM
> > To: Julien Jomier; Bill Lorensen
> > Cc: ITK; Steve Pieper
> > Subject: Re: [Insight-developers] LIBXML2
> >
> > On 1/21/08 8:25 PM, Julien Jomier said:
> >
> > >I understand your concern, however libxml2 has been
> > compiling on VTK's
> > >dashboard for a long time and ITK and VTK are sharing a lot of the
> > >compilers/OS, so I don't see that has a major issue (unless
> > I'm missing
> > >something).
> >
> > Perhaps tangentially related: VTK's version of libxml2 dates
> > from Oct 2006, 4 versions behind (bug 5472). I am somewhat
> > disappointed that VTK & ITK do not keep up to date with the
> > 3rd party software they use, especially when security-related
> > fixes are made. Consider:
> > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284>
> >
> > I hope that if you add libxml2 to ITK you will keep it up to
> > date, and synced with VTK.
> >
> > --
> > ____________________________________________________________
> > Sean McBride, B. Eng sean at rogue-research.com
> > Rogue Research www.rogue-research.com
> > Mac Software Developer Montréal, Québec, Canada
> >
> > _______________________________________________
> > Insight-developers mailing list
> > Insight-developers at itk.org
> > http://www.itk.org/mailman/listinfo/insight-developers
>
> _______________________________________________
> Insight-developers mailing list
> Insight-developers at itk.org
> http://www.itk.org/mailman/listinfo/insight-developers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.itk.org/mailman/private/insight-developers/attachments/20080122/e9c18c27/attachment.htm
More information about the Insight-developers
mailing list