I told in August 2013 that it seems dead upstream. I have no idea what is the situation today. I was simply hoping that it got better in the last two years and seeing that Debian, a distro very much oriented in stability and server use, using it in Ghostscript it made the impression for me that it improved. Therefore I asked for revisiting this MIR.
If the state of libopenjpeg is still as bad as before it is no problem for me to continue Ghostscript separate from Debian. perhaps also assuming that the Ghostscript upstream developers are more into security and therefore their copy of libopenjpeg in the Ghostscript source is better than the original (see comment #21). Also no one complained about the JPEG2000 support in our Ghostscript (using the openjpeg copy with comes with Ghostscript) and also no security bug reports related to this appeared. This can mean that the built-in openjpeg is "good enough" for Ghostscript and has the vulnerable parts not used or fixed by Ghostscript developers. In addition, JPEG2000 seems an exotic format for me which did not really get adopted, it exists for years and I have owned several digital cameras (including DSLR and mirrorless cameras) since 2001 and they all do classic JPEG and RAW, JPEG2000 never made it into a camera. Where is JPEG2000 actually used? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openjpeg in Ubuntu. https://bugs.launchpad.net/bugs/711061 Title: [MIR] openjpeg Status in openjpeg package in Ubuntu: New Bug description: libopenjpeg should be included in main because compiling poppler with --enable-openjpeg in debian/rules gives poppler greater functionality (please see bug 710412). Since this change to /debian/rules adds libopenjpeg as a build-dep to poppler, which is in main, libopenjpeg must also be in main. Main inclusion requirements: 1. It is already in the universe. 2. The package is a new build-dep, and has a large user base (think evince). 3. Searching http://secunia.com/advisories/search/ for libopenjpeg gave zero results. 4. Libopenjpeg has no current Ubuntu bugs (https://bugs.launchpad.net/ubuntu/maverick/+source/openjpeg) in the Debian bug tracking system libopenjpeg has 1 open bug (http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=libopenjpeg2), this is an encoding bug, but the main use for this package will be decoding. Libopenjpeg does not require any configuration or debconf questions. 5. N/A 6. All build-deps are already included in main. 7. I am afraid that this is a bit over my head, hopefully someone else could ensure that this package meets the requirments here. Based on its long inclusion in Debian and Ubuntu I think that it should be alright here. 8.This is a fairly simple program not needed too much maintenance, as shown by the bug reports. 9. The package title and description seem to be in order. My only final comments are that I am sorry this may not be quite the normal MIR, but I am just a member of bug control, not a dev. Also, any help and advise along the way would be much appreciated. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/711061/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
