On Sat, 2014-08-09 at 00:49 +0200, Bill Allombert wrote: [...] > > 8. In general it does not appear that other Debian packages require > > the libjpeg8 API. The sole exception appears to be a "decode from > > memory buffer" interface (jpeg_mem_src/jpeg_mem_dest), which is > > implemented by libjpeg-turbo unless configured > > --without-mem-srcdst. > > Obviously, this is a chicken and egg problem. [...]
And it would not be resolved by Debian (alone) sticking with libjpeg8. [...] > Also what has not been considered is > > 10. Security. The IJG JPEG library has an excellent track record with regard > to > security. [...] Still, it was affected by CVE-2013-6629. [...] > 11. License. IJG JPEG is under a plain permissive licence. [...] Both versions have something like an advertising clause (although it is widely ignored). Ben. -- Ben Hutchings If more than one person is responsible for a bug, no one is at fault.
signature.asc
Description: This is a digitally signed message part