Re: Consider to switch libjpeg-turbo as default jpeg

To: Robert Bagdan <kikadf.01%gmail.com@localhost>
Subject: Re: Consider to switch libjpeg-turbo as default jpeg
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Tue, 18 Mar 2025 09:53:13 -0400

Robert Bagdan <kikadf.01%gmail.com@localhost> writes:

>>   I am unclear on how jpeg and jpeg-turbo, as projecs, deal with
>>   security issues and prompt releases.  I think we should look at them
>>   both and understand if we are moving to a worse (or better) situation
>>   before leaping.
>
> For jpeg: https://www.cvedetails.com/vendor/17990/IJG.html
> For libjpeg-turbo: https://www.cvedetails.com/vendor/17075/Libjpeg-turbo.html
>
> Seems the current releases aren't affected by unfixed CVEs, but they aren't
> in a hurry to fix security bugs.
> However the libjpeg-turbo development is more active and as I see,
> more popular.

I am having a hard time following.  Looking at the 2nd URL, and
clicking, I find that libjpegturbo is at 7.4 and the last release was in
2017.  But also that the versions there don't make any sense compared to
the timestamps on distfiles, which show 3.1.0 on January 3, 2025.

Follow-Ups:
- Re: Consider to switch libjpeg-turbo as default jpeg
  - From: Robert Bagdan

References:
- Consider to switch libjpeg-turbo as default jpeg
  - From: Robert Bagdan
- Re: Consider to switch libjpeg-turbo as default jpeg
  - From: Greg Troxel
- Re: Consider to switch libjpeg-turbo as default jpeg
  - From: Robert Bagdan

Prev by Date: Re: Consider to switch libjpeg-turbo as default jpeg
Next by Date: Re: Consider to switch libjpeg-turbo as default jpeg
Previous by Thread: Re: Consider to switch libjpeg-turbo as default jpeg
Next by Thread: Re: Consider to switch libjpeg-turbo as default jpeg
Indexes:

Home | Main Index | Thread Index | Old Index