On Fri, 7 Apr 2023, Even Rouault wrote:
The source code will remain, but you'll have to build it by yourself. Yes, that's undoubtedly inconvenient, but having unmaintained utilities that bring a endless flock of vulnerabilities that are often misinterpreted as vulnerabilities of the library isn't better for the project. If someone is serious about those utilities, they have to step up and fix them.
Most people are not going to have the knowledge or capability to compile these programs outside of libtiff since building them still depends on libtiff build (e.g. Autoconf/Cmake + porting + common-security code) internals.
Much more work would need to be done by someone to build the abandoned utilities using an already installed libtiff. This is why a spin-off project makes sense (e.g. staffed by new volunteers). The new project should be prepared to handle the flood of continuing security complaints.
Bob -- Bob Friesenhahn [email protected], http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt _______________________________________________ Tiff mailing list [email protected] https://lists.osgeo.org/mailman/listinfo/tiff
