Please allow bypassing bundled libs (so that system package equivalents are used, instead) #90
dvisvgm bundles a number of libraries, some of which have standalone packages in modern Linux distributions. Inspecting the
When a vulnerability (or some other bug) in one of these dependencies is fixed, the user only benefits with the next release of dvisvgm, provided you keep all of these up to date yourself for every release. It would be awesome to have configure options to compile and link against system-wide versions of these packages so that when they are updated all using apps — including dvisvgm — get the fix.
What do you think?
Actually, unbundling some of the libraries is already on my to-do list since we also have a no-bundled-libraries policy for Fedora. The unbundling currently takes place in the spec file used to build the rpm. I've kept the libraries for now to simplify building dvisvgm for TeX Live.
I'll discuss the topic with the TeX Live maintainers and will probably unbundle brotli, woff2 and xxhash. ff-woff is a reduced version of libfontforge where the latter can be used alternatively. On Windows the latter is hard to build. Therefore, I'm currently working on a complete replacement for ff-woff.
As I'd like to avoid adding a dependency on boost, I chose the C++17-compliant variant class by mpark, which is a header-only implementation. So there's no binary code linked in this case.