2011.12.12 20:22 "[Tiff] considering packaging 4.0 beta in debian "unstable"", by Jay Berkenbilt

2011.12.12 23:49 "Re: [Tiff] considering packaging 4.0 beta in debian "unstable"", by Chris Cox

If we need a 4.0.0 release - how long will that take? (to really feel good about it, not to just change the label).

And what is the timeframe for including it in the debian "unstable" builds? Are there any deadlines?

Personally, I think it's a good idea -- get more testing done on the library, get a more official build out there, get more bigtiff usage, etc. But I'm not the one monitoring and fixing bugs...


On 12/12/11 12:33 PM, "Bob Friesenhahn" <bfriesen@simple.dallas.tx.us> wrote:

Before I took this action, I wanted to run it by the maintainers of the tiff library. I do release, of course, that there is very limited time and resources on the tiff library right now, so this should definitely not be construed as a complaint. It's just a recognition of the reality that tiff 4.0.0 is being "allowed to escape" even if it hasn't been "released", and this is my attempt at decreasing the degree to which this might pose a problem. The good news is that I have extremely limited time as well, so it may take me a while to actually package 4.0.0 beta 7 for debian! But it's realistic that I could find the time in the next couple of months.

Would it help considerably if there was a 4.0.0 "release" which is substantially similar to the current "beta" code?

Another option to packaging 4.0.0 beta 7 is to roll an informal release out of the current CVS. As security fixes have been announced on the 3.9.x branch, I have continued to locate them in CVS and to backport them into 4.0.0 beta 7, so as far as I know, debian's 4.0.0 beta 7 contains all previously publicized security fixes. I can't absolutely guarantee that, but it has been my intention for that to be true.

Have these security fixes been posted to the libtiff bug tracker, and, if so, have the fixes been making it into libtiff CVS?

I don't receive any notifications from the libtiff bug tracker so I don't know if new bugs have been posted and need to rely on those who do receive such notifications to do the right thing.