[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [CTTE #717076] Default libjpeg implementation in Debian

On Sat, 2014-08-09 at 00:49 +0200, Bill Allombert wrote:
> >  8. In general it does not appear that other Debian packages require
> >     the libjpeg8 API.  The sole exception appears to be a "decode from
> >     memory buffer" interface (jpeg_mem_src/jpeg_mem_dest), which is
> >     implemented by libjpeg-turbo unless configured
> >     --without-mem-srcdst.
> Obviously, this is a chicken and egg problem. [...]

And it would not be resolved by Debian (alone) sticking with libjpeg8.

> Also what has not been considered is
> 10. Security. The IJG JPEG library has an excellent track record with regard to
> security. [...]

Still, it was affected by CVE-2013-6629.

> 11. License. IJG JPEG is under a plain permissive licence.

Both versions have something like an advertising clause (although it is
widely ignored).


Ben Hutchings
If more than one person is responsible for a bug, no one is at fault.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: