touch-packages team mailing list archive

Thread
Date
[Bug 711061] Re: [MIR] openjpeg

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Till Kamppeter <711061@xxxxxxxxxxxxxxxxxx>
Date: Mon, 06 Jul 2015 23:50:57 -0000
Reply-to: Bug 711061 <711061@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
I told in August 2013 that it seems dead upstream. I have no idea what
is the situation today. I was simply hoping that it got better in the
last two years and seeing that Debian, a distro very much oriented in
stability and server use, using it in Ghostscript it made the impression
for me that it improved. Therefore I asked for revisiting this MIR.

If the state of libopenjpeg is still as bad as before it is no problem
for me to continue Ghostscript separate from Debian. perhaps also
assuming that the Ghostscript upstream developers are more into security
and therefore their copy of libopenjpeg in the Ghostscript source is
better than the original (see comment #21).

Also no one complained about the JPEG2000 support in our Ghostscript
(using the openjpeg copy with comes with Ghostscript) and also no
security bug reports related to this appeared. This can mean that the
built-in openjpeg is "good enough" for Ghostscript and has the
vulnerable parts not used or fixed by Ghostscript developers.

In addition, JPEG2000 seems an exotic format for me which did not really
get adopted, it exists for years and I have owned several digital
cameras (including DSLR and mirrorless cameras) since 2001 and they all
do classic JPEG and RAW, JPEG2000 never made it into a camera. Where is
JPEG2000 actually used?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openjpeg in Ubuntu.
https://bugs.launchpad.net/bugs/711061

Title:
  [MIR] openjpeg

Status in openjpeg package in Ubuntu:
  New

Bug description:
  libopenjpeg should be included in main because compiling poppler with
  --enable-openjpeg in debian/rules gives poppler greater functionality
  (please see bug 710412). Since this change to /debian/rules adds
  libopenjpeg as a build-dep to poppler, which is in main, libopenjpeg
  must also be in main.

  Main inclusion requirements:

  1. It is already in the universe.

  2. The package is a new build-dep, and has a large user base (think
  evince).

  3. Searching http://secunia.com/advisories/search/ for libopenjpeg
  gave zero results.

  4. Libopenjpeg has no current Ubuntu bugs (https://bugs.launchpad.net/ubuntu/maverick/+source/openjpeg)
       in the Debian bug tracking system libopenjpeg has 1 open bug (http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=libopenjpeg2), this is an encoding bug, but the main use for this package will be decoding.
       Libopenjpeg does not require any configuration or debconf questions.

  5. N/A

  6. All build-deps are already included in main.

  7. I am afraid that this is a bit over my head, hopefully someone else
  could ensure that this package meets the requirments here. Based on
  its long inclusion in Debian and Ubuntu I think that it should be
  alright here.

  8.This is a fairly simple program not needed too much maintenance, as
  shown by the bug reports.

  9. The package title and description seem to be in order.

  
  My only final comments are that I am sorry this may not be quite the normal MIR, but I am just a member of bug control, not a dev. Also, any help and advise along the way would be much appreciated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/711061/+subscriptions