libtiff: Merge branch 'rfc02_text__restore_tools' into 'master'

From aed77c72718635fceb79a401ed0c8854e9221d0e Mon Sep 17 00:00:00 2001
From: Su_Laus <[EMAIL REDACTED]>
Date: Wed, 17 Apr 2024 21:23:48 +0200
Subject: [PATCH 1/5] Text for RFC 2: Restoring needed libtiff tools

---
 doc/rfcs/index.rst                       |  1 +
 doc/rfcs/rfc2_restoring_needed_tools.rst | 68 ++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 doc/rfcs/rfc2_restoring_needed_tools.rst

diff --git a/doc/rfcs/index.rst b/doc/rfcs/index.rst
index 9b8506f4..58e890ac 100644
--- a/doc/rfcs/index.rst
+++ b/doc/rfcs/index.rst
@@ -11,3 +11,4 @@ of the libtiff project are conducted.
     :titlesonly:
 
     rfc1_psc
+    rfc2_restoring_needed_tools
diff --git a/doc/rfcs/rfc2_restoring_needed_tools.rst b/doc/rfcs/rfc2_restoring_needed_tools.rst
new file mode 100644
index 00000000..9a962260
--- /dev/null
+++ b/doc/rfcs/rfc2_restoring_needed_tools.rst
@@ -0,0 +1,68 @@
+.. _rfc2_restoring_needed_tools:
+
+=====================================
+RFC 2: Restoring Needed LibTIFF Tools
+=====================================
+
+Author: Su Laus
+
+Contact: (@Su_Laus)
+
+Status: Proposed
+
+Summary
+-------
+
+The purpose of this RFC is to clarify if and which tools that were moved
+to the archive in libtiff 4.6.0 should be reactivated.
+
+Rationale
+---------
+
+The very old and unmaintained tools in libtiff caused many vulnerabilities
+and CVEs that were attributed to the libtiff library itself.
+Trying to fix the security holes in the tools turned out to be a
+Sisyphean task (can never be done). 
+Therefore, most of the tools in libtiff 4.6.0 were moved to the archive
+and the existing problems were closed with "wontfix-unmaintained".
+
+Later, there were objections to removing the tools. At least one
+application (HylaFAX) cannot do without some of the tools.
+
+Some problems with the tools have now been fixed
+(see e.g. https://gitlab.com/libtiff/libtiff/-/merge_requests/569).
+
+Proposed procedure
+------------------
+
+* Only the required tools should be activated.
+  These are: fax2ps, tiff2bw, tiff2pdf, tiff2ps as well as the already
+  active tools tiffcp, tiffdither, tiffdump, tiffinfo, tiffset, tiffsplit.
+* Thus following tools will not be restored and will remain in the archive:
+  fax2tiff, pal2rgb, ppm2tiff, raw2tiff, rgb2ycbcr, thumbnail, tiff2rgba,
+  tiffcmp, tiffcrop, tiffgt, tiffmedian.
+* All option "-i" (= ignore errors) will be de-activated (removed),
+  because this is a main root cause for CVEs.
+* At least tiffcrop remains in the archive, as tiffcrop cannot be maintained.
+* Bugfixes in MR !569 are applied in single merge requests for traceability
+  and selectively as some changes might not be applicable.
+* Remove “wontfix-unmaintained” from closed issues, when fixed.
+* All issues related to utilities / tools shall get label “utility”.
+* The documentation and other references shall point to
+  https://libtiff.gitlab.io/libtiff/.
+* After an initial merge has been applied for restoring the tools,
+  the http://www.libtiff.org page shall be reset as a mirror of
+  https://libtiff.gitlab.io/libtiff/.
+* Finally release as 4.7.0 when all known issues of the tools are closed.
+
+References to previous contributions to the discussion
+------------------------------------------------------
+https://gitlab.com/libtiff/libtiff/-/issues/580 and related merge request
+https://www.asmail.be/msg0054917226.html 
+https://www.asmail.be/msg0055015786.html 
+https://gitlab.com/libtiff/libtiff/-/merge_requests/569 
+
+Voting history
+--------------
+
+### to be filled after comments and votes ###

From c785239cdc271d8867658310e4b59948a6d9fcb6 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Fri, 19 Apr 2024 10:12:29 +0200
Subject: [PATCH 2/5] Text for RFC 2: Restoring needed libtiff tools - amended

---
 doc/rfcs/rfc2_restoring_needed_tools.rst | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/doc/rfcs/rfc2_restoring_needed_tools.rst b/doc/rfcs/rfc2_restoring_needed_tools.rst
index 9a962260..64c475a9 100644
--- a/doc/rfcs/rfc2_restoring_needed_tools.rst
+++ b/doc/rfcs/rfc2_restoring_needed_tools.rst
@@ -16,8 +16,8 @@ Summary
 The purpose of this RFC is to clarify if and which tools that were moved
 to the archive in libtiff 4.6.0 should be reactivated.
 
-Rationale
----------
+Prehistory
+----------
 
 The very old and unmaintained tools in libtiff caused many vulnerabilities
 and CVEs that were attributed to the libtiff library itself.
@@ -26,8 +26,7 @@ Sisyphean task (can never be done).
 Therefore, most of the tools in libtiff 4.6.0 were moved to the archive
 and the existing problems were closed with "wontfix-unmaintained".
 
-Later, there were objections to removing the tools. At least one
-application (HylaFAX) cannot do without some of the tools.
+It was later understood that some users depend on some of these archived tools.
 
 Some problems with the tools have now been fixed
 (see e.g. https://gitlab.com/libtiff/libtiff/-/merge_requests/569).
@@ -35,15 +34,12 @@ Some problems with the tools have now been fixed
 Proposed procedure
 ------------------
 
-* Only the required tools should be activated.
+* Only the required tools should be restored.
   These are: fax2ps, tiff2bw, tiff2pdf, tiff2ps as well as the already
   active tools tiffcp, tiffdither, tiffdump, tiffinfo, tiffset, tiffsplit.
 * Thus following tools will not be restored and will remain in the archive:
   fax2tiff, pal2rgb, ppm2tiff, raw2tiff, rgb2ycbcr, thumbnail, tiff2rgba,
   tiffcmp, tiffcrop, tiffgt, tiffmedian.
-* All option "-i" (= ignore errors) will be de-activated (removed),
-  because this is a main root cause for CVEs.
-* At least tiffcrop remains in the archive, as tiffcrop cannot be maintained.
 * Bugfixes in MR !569 are applied in single merge requests for traceability
   and selectively as some changes might not be applicable.
 * Remove “wontfix-unmaintained” from closed issues, when fixed.

From e3b387e00084bd4fdc550381e4517aa62853a41b Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Sun, 28 Apr 2024 15:24:38 +0200
Subject: [PATCH 3/5] Text for RFC 2: Restoring needed libtiff tools - further
 amended

---
 doc/rfcs/rfc2_restoring_needed_tools.rst | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/doc/rfcs/rfc2_restoring_needed_tools.rst b/doc/rfcs/rfc2_restoring_needed_tools.rst
index 64c475a9..8b759677 100644
--- a/doc/rfcs/rfc2_restoring_needed_tools.rst
+++ b/doc/rfcs/rfc2_restoring_needed_tools.rst
@@ -19,7 +19,7 @@ to the archive in libtiff 4.6.0 should be reactivated.
 Prehistory
 ----------
 
-The very old and unmaintained tools in libtiff caused many vulnerabilities
+The tools in libtiff caused many vulnerabilities
 and CVEs that were attributed to the libtiff library itself.
 Trying to fix the security holes in the tools turned out to be a
 Sisyphean task (can never be done). 
@@ -34,12 +34,7 @@ Some problems with the tools have now been fixed
 Proposed procedure
 ------------------
 
-* Only the required tools should be restored.
-  These are: fax2ps, tiff2bw, tiff2pdf, tiff2ps as well as the already
-  active tools tiffcp, tiffdither, tiffdump, tiffinfo, tiffset, tiffsplit.
-* Thus following tools will not be restored and will remain in the archive:
-  fax2tiff, pal2rgb, ppm2tiff, raw2tiff, rgb2ycbcr, thumbnail, tiff2rgba,
-  tiffcmp, tiffcrop, tiffgt, tiffmedian.
+* All tools as of libtiff 4.5.1 shall be restored.
 * Bugfixes in MR !569 are applied in single merge requests for traceability
   and selectively as some changes might not be applicable.
 * Remove “wontfix-unmaintained” from closed issues, when fixed.
@@ -53,10 +48,11 @@ Proposed procedure
 
 References to previous contributions to the discussion
 ------------------------------------------------------
-https://gitlab.com/libtiff/libtiff/-/issues/580 and related merge request
-https://www.asmail.be/msg0054917226.html 
-https://www.asmail.be/msg0055015786.html 
-https://gitlab.com/libtiff/libtiff/-/merge_requests/569 
+https://gitlab.com/libtiff/libtiff/-/issues/580 and related merge request, 
+https://www.asmail.be/msg0054917226.html, 
+https://www.asmail.be/msg0055015786.html, 
+https://gitlab.com/libtiff/libtiff/-/merge_requests/569,
+and discussion in https://gitlab.com/libtiff/libtiff/-/merge_requests/581
 
 Voting history
 --------------

From 969ec37b5d3a0e7f58e704b9f78cf07d19f07995 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Wed, 8 May 2024 21:38:40 +0200
Subject: [PATCH 4/5] Text for RFC 2: Restoring needed libtiff tools - approved
 with voting history updated.

---
 doc/rfcs/rfc2_restoring_needed_tools.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/rfcs/rfc2_restoring_needed_tools.rst b/doc/rfcs/rfc2_restoring_needed_tools.rst
index 8b759677..9ad27c3f 100644
--- a/doc/rfcs/rfc2_restoring_needed_tools.rst
+++ b/doc/rfcs/rfc2_restoring_needed_tools.rst
@@ -8,7 +8,7 @@ Author: Su Laus
 
 Contact: (@Su_Laus)
 
-Status: Proposed
+Status: Approved
 
 Summary
 -------
@@ -57,4 +57,6 @@ and discussion in https://gitlab.com/libtiff/libtiff/-/merge_requests/581
 Voting history
 --------------
 
-### to be filled after comments and votes ###
++1 from PSC members @bobfriesenhahn, @1-Olivier, @Su_Laus
+
++0 from PSC members @theta682 and @rouault

From 00a7af3b4c311759439b7e3095f6849fd5a8b498 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Sat, 25 May 2024 20:56:55 +0200
Subject: [PATCH 5/5] Text for RFC 2: Restoring needed libtiff tools - file
 added to doc/Makefile.am and rebased.

---
 doc/Makefile.am | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 61544999..71a6fe1e 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -198,6 +198,7 @@ rst_sources = \
 	releases/v4.6.0.rst \
 	rfcs/index.rst \
 	rfcs/rfc1_psc.rst \
+	rfcs/rfc2_restoring_needed_tools.rst \
 	functions.rst \
 	tools.rst \
 	terms.rst \