libtiff: Text for RFC 2: Restoring needed libtiff tools

From aed77c72718635fceb79a401ed0c8854e9221d0e Mon Sep 17 00:00:00 2001
From: Su_Laus <[EMAIL REDACTED]>
Date: Wed, 17 Apr 2024 21:23:48 +0200
Subject: [PATCH] Text for RFC 2: Restoring needed libtiff tools

---
 doc/rfcs/index.rst                       |  1 +
 doc/rfcs/rfc2_restoring_needed_tools.rst | 68 ++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 doc/rfcs/rfc2_restoring_needed_tools.rst

diff --git a/doc/rfcs/index.rst b/doc/rfcs/index.rst
index 9b8506f4..58e890ac 100644
--- a/doc/rfcs/index.rst
+++ b/doc/rfcs/index.rst
@@ -11,3 +11,4 @@ of the libtiff project are conducted.
     :titlesonly:
 
     rfc1_psc
+    rfc2_restoring_needed_tools
diff --git a/doc/rfcs/rfc2_restoring_needed_tools.rst b/doc/rfcs/rfc2_restoring_needed_tools.rst
new file mode 100644
index 00000000..9a962260
--- /dev/null
+++ b/doc/rfcs/rfc2_restoring_needed_tools.rst
@@ -0,0 +1,68 @@
+.. _rfc2_restoring_needed_tools:
+
+=====================================
+RFC 2: Restoring Needed LibTIFF Tools
+=====================================
+
+Author: Su Laus
+
+Contact: (@Su_Laus)
+
+Status: Proposed
+
+Summary
+-------
+
+The purpose of this RFC is to clarify if and which tools that were moved
+to the archive in libtiff 4.6.0 should be reactivated.
+
+Rationale
+---------
+
+The very old and unmaintained tools in libtiff caused many vulnerabilities
+and CVEs that were attributed to the libtiff library itself.
+Trying to fix the security holes in the tools turned out to be a
+Sisyphean task (can never be done). 
+Therefore, most of the tools in libtiff 4.6.0 were moved to the archive
+and the existing problems were closed with "wontfix-unmaintained".
+
+Later, there were objections to removing the tools. At least one
+application (HylaFAX) cannot do without some of the tools.
+
+Some problems with the tools have now been fixed
+(see e.g. https://gitlab.com/libtiff/libtiff/-/merge_requests/569).
+
+Proposed procedure
+------------------
+
+* Only the required tools should be activated.
+  These are: fax2ps, tiff2bw, tiff2pdf, tiff2ps as well as the already
+  active tools tiffcp, tiffdither, tiffdump, tiffinfo, tiffset, tiffsplit.
+* Thus following tools will not be restored and will remain in the archive:
+  fax2tiff, pal2rgb, ppm2tiff, raw2tiff, rgb2ycbcr, thumbnail, tiff2rgba,
+  tiffcmp, tiffcrop, tiffgt, tiffmedian.
+* All option "-i" (= ignore errors) will be de-activated (removed),
+  because this is a main root cause for CVEs.
+* At least tiffcrop remains in the archive, as tiffcrop cannot be maintained.
+* Bugfixes in MR !569 are applied in single merge requests for traceability
+  and selectively as some changes might not be applicable.
+* Remove “wontfix-unmaintained” from closed issues, when fixed.
+* All issues related to utilities / tools shall get label “utility”.
+* The documentation and other references shall point to
+  https://libtiff.gitlab.io/libtiff/.
+* After an initial merge has been applied for restoring the tools,
+  the http://www.libtiff.org page shall be reset as a mirror of
+  https://libtiff.gitlab.io/libtiff/.
+* Finally release as 4.7.0 when all known issues of the tools are closed.
+
+References to previous contributions to the discussion
+------------------------------------------------------
+https://gitlab.com/libtiff/libtiff/-/issues/580 and related merge request
+https://www.asmail.be/msg0054917226.html 
+https://www.asmail.be/msg0055015786.html 
+https://gitlab.com/libtiff/libtiff/-/merge_requests/569 
+
+Voting history
+--------------
+
+### to be filled after comments and votes ###