Other point of view is, poppler uses its own JPEG2000 parser if openjpeg is not present.
That parser is probably worse security wise than the openjpeg one and the poppler developers just keep it for compatibility, but won't refuse to spend time on it when there's maintained code out there that implements JPEG2000 parsing better. So maybe by makig openjpeg not go to main you're exposing your users to an even bigger threat -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openjpeg in Ubuntu. https://bugs.launchpad.net/bugs/711061 Title: [MIR] openjpeg Status in openjpeg package in Ubuntu: Confirmed Bug description: libopenjpeg should be included in main because compiling poppler with --enable-openjpeg in debian/rules gives poppler greater functionality (please see bug 710412). Since this change to /debian/rules adds libopenjpeg as a build-dep to poppler, which is in main, libopenjpeg must also be in main. Main inclusion requirements: 1. It is already in the universe. 2. The package is a new build-dep, and has a large user base (think evince). 3. Searching http://secunia.com/advisories/search/ for libopenjpeg gave zero results. 4. Libopenjpeg has no current Ubuntu bugs (https://bugs.launchpad.net/ubuntu/maverick/+source/openjpeg) in the Debian bug tracking system libopenjpeg has 1 open bug (http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=libopenjpeg2), this is an encoding bug, but the main use for this package will be decoding. Libopenjpeg does not require any configuration or debconf questions. 5. N/A 6. All build-deps are already included in main. 7. I am afraid that this is a bit over my head, hopefully someone else could ensure that this package meets the requirments here. Based on its long inclusion in Debian and Ubuntu I think that it should be alright here. 8.This is a fairly simple program not needed too much maintenance, as shown by the bug reports. 9. The package title and description seem to be in order. My only final comments are that I am sorry this may not be quite the normal MIR, but I am just a member of bug control, not a dev. Also, any help and advise along the way would be much appreciated. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/711061/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
