2008.08.29 22:53 "[Tiff] Some security fixes from RHEL", by Even Rouault

2008.09.01 15:33 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn

> > If an application needs to be secure/stable in the face of hostile files then it should not link against libtiff.
>
> While the above statements are undoubtedly accurate, the sentiments that they express are unhealthy for the large community that uses libtiff.
>
> More than that: they're unhealthy for the future of TIFF itself.

I agree with you that the perception of reality is often more important than actual reality. I also agree with Rogier Wolff that testing with randomly broken files will help uncover weaknesses in the library or its dependent applications.

Testing with randomly broken files would likely take months of an unpaid volunteer's time to produce the suitably broken files, diagnose the problems, and produce fixes to avoid misbehavior. Maybe it would take a year. A year without any income at all.

> As maintainer of Red Hat's libtiff package, I am now seriously wondering whether I must recommend that Red Hat disable TIFF support in any application that has any internet exposure. My rough estimate is that the number of packages that would continue to support TIFF after such a recommendation would be zero. libtiff would become an instant pariah.

There is not really any reason to single libtiff out. You can insert many application/library names here.

Bob
======================================
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
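The "testing with randomly broken files" that Bob and Rogier Wolff discuss above is mutation fuzzing. The following is an added example, not code from this thread, from libtiff or from GraphicsMagick: a self-contained Python harness that constructs a minimal TIFF file, corrupts random copies of it, and feeds them to a toy IFD (image file directory) walker in two modes, one that trusts offsets and lengths read from the file and one that checks them against the file size first. The walker, the mutator and the seed file are assumptions made for illustration; only the header layout, the tag numbers and the field-type widths come from the TIFF 6.0 specification.

```python
"""Mutation-fuzz a tiny TIFF directory walker with randomly broken files (illustrative example)."""
import random
import struct

# Byte width of each TIFF 6.0 field type (types 1..12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}


class TiffError(Exception):
    """Controlled rejection of a malformed file: the outcome we want from a hostile input."""


def build_seed_tiff():
    """Constructed sample input: little-endian header plus one IFD with three entries."""
    header = b"II" + struct.pack("<HI", 42, 8)          # byte order, magic 42, first IFD at offset 8
    entries = [(256, 3, 1, 1),                           # ImageWidth, SHORT, count 1, value 1
               (257, 3, 1, 1),                           # ImageLength, SHORT, count 1, value 1
               (273, 4, 1, 0)]                           # StripOffsets, LONG, count 1, value 0
    ifd = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        ifd += struct.pack("<HHII", tag, typ, count, value)  # a SHORT sits left-justified in the 4-byte value field
    return header + ifd + struct.pack("<I", 0)           # next-IFD offset 0 terminates the chain


def parse_ifds(data, hardened=True, max_ifds=64):
    """Walk the IFD chain; return a list of {tag: (type, count, raw_value_bytes)}.

    hardened=True checks every offset and length against the file size before use.
    hardened=False trusts the file the way a careless native reader would; out-of-range
    reads then surface as struct.error, the Python stand-in for an out-of-bounds read.
    """
    if len(data) < 8:
        raise TiffError("short header")
    endian = {b"II": "<", b"MM": ">"}.get(data[:2])
    if endian is None:
        raise TiffError("bad byte-order mark")
    magic, offset = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic")
    ifds, seen = [], set()
    while offset != 0:
        if offset in seen or len(ifds) >= max_ifds:
            raise TiffError("IFD chain loops or is too long")
        seen.add(offset)
        if hardened and offset + 2 > len(data):
            raise TiffError("IFD outside file")
        count, = struct.unpack(endian + "H", data[offset:offset + 2])
        pos, end = offset + 2, offset + 2 + 12 * count + 4
        if hardened and end > len(data):
            raise TiffError("IFD truncated")
        entries = {}
        for _ in range(count):
            tag, typ, n = struct.unpack(endian + "HHI", data[pos:pos + 8])
            size = TYPE_SIZES.get(typ)
            if size is None:
                raise TiffError("unknown field type %d" % typ)
            total = size * n                     # cannot overflow in Python; in C this product needs its own check
            if total <= 4:
                raw = data[pos + 8:pos + 8 + total]          # value stored inline in the entry
            else:
                voff, = struct.unpack(endian + "I", data[pos + 8:pos + 12])
                if hardened and voff + total > len(data):
                    raise TiffError("value outside file")
                raw = data[voff:voff + total]
            entries[tag] = (typ, n, raw)
            pos += 12
        ifds.append(entries)
        offset, = struct.unpack(endian + "I", data[pos:pos + 4])
    return ifds


def mutate(data, rng, max_edits=8):
    """Apply 1..max_edits random corruptions: byte flips, boundary 32-bit values, deletions, truncation."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, max_edits)):
        r = rng.random()
        if r < 0.6 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif r < 0.8 and len(buf) >= 4:
            i = rng.randrange(len(buf) - 3)
            buf[i:i + 4] = rng.choice([b"\x00\x00\x00\x00", b"\xff\xff\xff\xff", b"\xff\xff\xff\x7f"])
        elif r < 0.9 and len(buf) > 1:
            del buf[rng.randrange(len(buf))]
        else:
            buf = buf[:rng.randrange(len(buf) + 1)]
    return bytes(buf)


def fuzz(seed_data, iterations=2000, hardened=True, rng_seed=1):
    """Count clean parses and controlled rejections; record every uncontrolled exception with its input."""
    rng = random.Random(rng_seed)
    result = {"ok": 0, "rejected": 0, "crashes": []}
    for i in range(iterations):
        sample = mutate(seed_data, rng)
        try:
            parse_ifds(sample, hardened=hardened)
            result["ok"] += 1
        except TiffError:
            result["rejected"] += 1
        except Exception as exc:                 # anything else is a parser bug the broken file uncovered
            result["crashes"].append((i, type(exc).__name__, sample))
    return result


if __name__ == "__main__":
    seed = build_seed_tiff()
    for mode in (False, True):
        r = fuzz(seed, hardened=mode)
        print("hardened=%s ok=%d rejected=%d crashes=%d" % (mode, r["ok"], r["rejected"], len(r["crashes"])))
```

Every crash record keeps the exact bytes that triggered it, so the failing file can be saved and minimised; that is the "produce the suitably broken files, diagnose the problems" part of the work Bob describes. Against libtiff itself the same loop would drive a real consumer such as `tiffinfo` or `tiffcp` built with a memory-error detector, rather than a toy walker.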