I'm not saying it's not useful. The point is that the library that we're using for Exif metadata is unsuited for use on a modern desktop operating system or server connected to the Internet.
The maintainer doesn't want to put in the work to take it from a fun hobby to a production-grade tool. I can understand that, and I'm even sympathetic that it was used more widely than it should have been. That's not his fault. But we have millions of users who expect us to protect them against drive-by downloads that own their desktops and server administrators who expect to use the tools we provide to build safe services for their users in turn. Ideally shotwell would be able to degrade service gracefully until someone cares enough to write a safe Exif library. Less ideal would be to demote shotwell until this is addressed. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to exiv2 in Ubuntu. https://bugs.launchpad.net/bugs/1706471 Title: please demote exiv2 to universe Status in exiv2 package in Ubuntu: Incomplete Bug description: Hello, Please consider demoting exiv2 to universe. http://dev.exiv2.org/issues/1248 The upstream author appears overwhelmed with the task of hardening exiv2 for use against untrusted inputs and thus far (~nine months) no users have provided the project with patches against known issues. $ reverse-depends -c main -r artful src:exiv2 Reverse-Depends =============== * libgexiv2-2 (for libexiv2-14) * libgexiv2-dev (for libexiv2-dev) Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1706471/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
