2023.04.04 15:23 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Rob Boehne
For my use case, we have customers who look at a software bill of materials (BOM), and flag any “product” that has any CVE reported against any part of it. So even though we only use libtiff, and we explain that to our clients, and it’s in our BOM, we end up having to either update or explain to each client how the specific CVE isn’t in our product.
Separating tools into another repository would likely eliminate this problem. If we don’t have volunteers to maintain the tools, then we probably don’t have people that want to use them.