2008.08.29 22:53 "[Tiff] Some security fixes from RHEL", by Even Rouault

2008.09.03 18:02 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn

If Debian and others will refuse to distribute it in their stable (read: "stale") releases then that is their decision, and they're welcome to patch away at a previous release. Meanwhile, I think that we have an obligation to the rest of the libtiff-using community to cut code releases as development occurs.

Debian is pretty important since it seems that 46 other Linux distributions (including the super-popular Ubuntu) depend on it for their packages, and there are non-Linux distributions depending on it as well. See "http://en.wikipedia.org/wiki/List_of_Linux_distributions".

It may be that some distributions are based on "experimental", "testing", or "unstable" versions of Debian which are more likely to pick up changes.

>From recent experience, I am finding that minor API/ABI changes will surely delay broad use of a release by 6 to 12 months or more whereas otherwise it could appear in just a week.

Debian should be viewed like as "canary" (as used by miners) for package releases.

If we can make Debian (and Gentoo, Fedora, FreeBSD) happy by reshuffling a few lines of code, then we should do so.

Bob
======================================
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/