I'm not a tiff developer, so my opinion shouldn't count as a vote, but I would 
be fine with the unsupported tools moving to their own tifftools project with 
just the minimum maintenance necessary to keep them running (changes to keep 
current with the tiff api and changes to fix CVEs). I suspect that few people 
use the unsupported tools, but the people who use the tools need them enough to 
be willing to keep them working.  Some years ago, Google dumped a pile of 
fuzzing CVEs on the poppler project, and the poppler maintainer asked for 
volunteers on the mailing list to take a few each. Most were pretty easy to fix 
(run with valgrind, add a variable initialization, array index check, or null 
pointer check). The same might work for tifftools. I don't think that the tools 
need to be rewritten. They are small enough that the rewrite would probably end 
up similar, and a rewrite could introduce a new set of bugs. If someone wants 
to rewrite the tools on their own, that is fine, and it would be nice for the 
tools to show best practice for using the tiff library, but I'm not sure if it 
is necessary or worth it.
Regards, William
_______________________________________________
Tiff mailing list
https://lists.osgeo.org/mailman/listinfo/tiff