#4350
John Cupitt
Guest

Hello, libvips maintainer here, thank you for making this package!

I would make a few changes to the jammy deb for 8.15:

1. Swap libgsf for libarchive. We’ve got a new backend for dzsave and moved on from the slightly clumsy libgsf. Performance is better too. Without this change libvips won’t be able to write deepzoom / gmaps / etc. pyramids.

2. Remove libmatio. This library is extremely insecure by design (no attempt is made to validate input) and can be trivially hacked. It should not be exposed to internet data, IMO. It’s used to load Matlab save files, which is not a common thing, so I think most people would not miss it.

3. I would consider removing libmagick* as well. libvips uses it for formats like BMP and ICO, which are (arguably) not widely used. Including it brings in a range of security issues.

4. You could consider removing libexr. Again, EXR images are not widely used, and you save some bytes off your package.

5. I would also remove libopenslide. This is an extreme minority set of formats useful only in the digital pathology community.

6. 8.15 still has orc support, but has a new SIMD backend based on libhwy. If you can bear to package it, swapping orc for hwy would be useful.

7. 8.15 supports libspng as well as libpng. If libspng is packaged, it’s faster and safer than libpng.

8. I would remove nip2 from the recommended list. It (annoyingly) brings in most of X11 unless users remember to turn on --no-install-recommends.