2008.09.01 03:12 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
While the above statements are undoubtedly accurate, the sentiments that they express are unhealthy for the large community that uses libtiff. So, while the statements may be true, they really should not so be.
Maintainers and developers of any software should be committed to the software development and to the health of the community that uses that software. Some degree of responsibility is expected. When flaws in the software are discovered, be they rather benign or security-related, the community looks to developers and maintainers to take action. Failure to take action leads the community into an atmosphere of uncertainty and mistrust... all of which further inhibits the software development cycle.
Understand that while the software development process may be slow, stagnant, or distracted, distribution maintainers and application maintainers are under pressure from their own customers to be responsive and to indemnify any inaction by the upstream. Thus you will find RedHat, Fedora, SuSE, Debian, Gentoo, etc. maintainers who will have to patch and patch and continue to patch to satisfy those expectations.
It seems to me that the least that could be done in such situations would be to accept the patches developed downstream and to acknowledge and be at least verbally responsive to credible reports of such issues.
Lee,
It would be helpful to have additional libtiff maintainers interested in taking on such problems. I will say that I expect to apply the provided patch, though it would be better if this could be handled without depending on me.
Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Programmer for Rent