Please drop and block jhead
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
jhead (Ubuntu) | Incomplete | Undecided | Unassigned | 
Bug Description
Hello, I find the code quality of the jhead package very troubling. Upstream seems uninterested in fixing grossly negligent code issues:
https:/
https:/
Oftentimes security fixes are of dubious quality:
https:/
https:/
(FWIW I think the "EDITOR can be malicious" was a silly CVE that shouldn't have been assigned but the code quality here is still pretty low.)
Please consider dropping jhead from our devel release and blocking automatic import from Debian.
Thanks
Digging through past issues and the developers' comments, I'd like to echo Seth's sentiment.
https://github.com/Matthias-Wandel/jhead/issues/60