AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2011.12.12 20:22 "[Tiff] considering packaging 4.0 beta in debian "unstable"", by Jay Berkenbilt
2011.12.12 20:33 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Bob Friesenhahn
2011.12.12 21:26 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Jay Berkenbilt
2011.12.12 23:49 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Chris Cox
2011.12.13 00:16 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Bob Friesenhahn
2011.12.13 00:29 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Frank Warmerdam
2011.12.13 01:13 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Lee Howard
2011.12.13 14:42 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Olivier Paquet
2011.12.13 02:06 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Bob Friesenhahn
2011.12.14 21:35 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Jay Berkenbilt

2011.12.12 20:33 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Bob Friesenhahn

Before I took this action, I wanted to run it by the maintainers of the tiff library. I do release, of course, that there is very limited time and resources on the tiff library right now, so this should definitely not be construed as a complaint. It's just a recognition of the reality that tiff 4.0.0 is being "allowed to escape" even if it hasn't been "released", and this is my attempt at decreasing the degree to which this might pose a problem. The good news is that I have extremely limited time as well, so it may take me a while to actually package 4.0.0 beta 7 for debian! But it's realistic that I could find the time in the next couple of months.

Would it help considerably if there was a 4.0.0 "release" which is substantially similar to the current "beta" code?

Another option to packaging 4.0.0 beta 7 is to roll an informal release out of the current CVS. As security fixes have been announced on the 3.9.x branch, I have continued to locate them in CVS and to backport them into 4.0.0 beta 7, so as far as I know, debian's 4.0.0 beta 7 contains all previously publicized security fixes. I can't absolutely guarantee that, but it has been my intention for that to be true.

Have these security fixes been posted to the libtiff bug tracker, and, if so, have the fixes been making it into libtiff CVS?

I don't receive any notifications from the libtiff bug tracker so I don't know if new bugs have been posted and need to rely on those who do receive such notifications to do the right thing.

Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/