LibTiff Mailing List

• TIFF and LibTiff Mailing List Archive
• April 2023

• Previous Thread
• Next Thread

• Previous by Thread
• Next by Thread

• Previous by Date
• Next by Date

Contact

The TIFF Mailing List Homepage
Archive maintained by AWare Systems

Thread

2023.04.03 20:50 "[Tiff] Remove TIFFCROP from LibTiff", by Sulau

2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault

2023.04.04 13:49 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Bob Friesenhahn

2023.04.04 14:04 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault

2023.04.04 15:14 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr

2023.04.04 15:23 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Rob Boehne

2023.04.04 15:27 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault

2023.04.04 15:40 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Miguel Medalha

2023.04.04 16:46 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Daniel McCoy

2023.04.04 22:47 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr

2023.04.05 19:11 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Sulau

2023.04.06 19:07 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Even Rouault

2023.04.07 00:05 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Miguel Medalha

2023.04.07 00:20 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Even Rouault

2023.04.07 13:28 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Bob Friesenhahn

2023.04.07 13:28 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Bob Friesenhahn

The source code will remain, but you'll have to build it by yourself. Yes, that's undoubtedly inconvenient, but having unmaintained utilities that bring a endless flock of vulnerabilities that are often misinterpreted as vulnerabilities of the library isn't better for the project. If someone is serious about those utilities, they have to step up and fix them.

Most people are not going to have the knowledge or capability to compile these programs outside of libtiff since building them still depends on libtiff build (e.g. Autoconf/Cmake + porting + common-security code) internals.

Much more work would need to be done by someone to build the abandoned utilities using an already installed libtiff. This is why a spin-off project makes sense (e.g. staffed by new volunteers). The new project should be prepared to handle the flood of continuing security complaints.

Bob

Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt