Hi,
On 28.09.2014 12:47, Andreas Barth wrote:
* Andreas Cadhalpun (andreas.cadhal...@googlemail.com) [140928 11:27]:
On 28.09.2014 10:24, Moritz Muehlenhoff wrote:
Package: ffmpeg
Severity: serious
As written before we can have only libav or ffmpeg in jessie.
I'm filing this blocker bug to prevent testing migration until
this is sorted out.
As I have explained [1], I see no security problem with having FFmpeg
and Libav in Jessie, in particular because this is already the case for
Wheezy, as chromium embeds a copy of FFmpeg.
First of all, I think it is very good news that we now have FFmpeg
available in Debian. Thank you for your work on it, it's appreciated.
Thank you for your kind words.
However, the open question is (especially with the upcoming release),
do we want to have it in jessie? (That we probably want FFmpeg in
testing in the long run is something else, but the current discussion
is especially about jessie.)
Yes, this is the open question. As you know, I would like to see FFmpeg
in jessie. Many users want this as well [1]. It would also be good for
XBMC and it would make it possible to have MPlayer in jessie.
I also think it's good that you actively raised this discussion, even
if it is perhaps not working as you would have like it. Please
continue this good style.
It would indeed be nice if others would also follow this good style and
participate constructively in the discussion instead of just blocking
FFmpeg.
Another remark, we are already quite late in the cycle. At this point
it is too late to have greater changes to jessie. So even if jessie is
not officially frozen, larger changes are not possible anymore
(without disturbing the time plan).
This is nothing new for me, but letting FFmpeg migrate to jessie is no
large change. It does not involve a transition of any kind.
So would you please explain why you see a problem?
I hope we end this discussion on an agreement about the jessie plans.
That was my hope, when I started this discussion.
However, to avoid misunderstandings at a later moment, I need to point
out that the final decision of what is part of jessie is taken by the
release team (or ultimatly the release managers). All of RC-bugs,
testing migration scripts etc are very valuable helpers because it
wouldn't be possible to manage it otherwise, but in the end they are
helpers.
This is the reason why I contacted the release team.
The release policy does say "Packages must be security-supportable". I
would be surprised if a statement from the security team (assuming
that Moritz raised that bug report with his security team-hat on and
not privately) that they would like to have only one of libav and
ffmpeg in jessie would be overruled by the release team.
Nonetheless both are in wheezy and will be in jessie, unless chromium
gets removed from testing.
Debian policy § 4.13 [2] contains:
"Debian packages should not make use of these convenience copies unless
the included package is explicitly intended to be used in this way.
If the included code is already in the Debian archive in the form of a
library, the Debian packaging should ensure that binary packages
reference the libraries already in Debian and the convenience copy is
not used. If the included code is not already in Debian, it should be
packaged separately as a prerequisite if possible."
FFmpeg is not intended to be used as embedded code copy, yet chromium
uses it that way. It should instead use the system libraries, which are
now available.
I absolutely cannot understand why the security team would prefer to
have an embedded code copy instead of a properly packaged library.
Now seeing the statements from the libav maintainers (which of course,
as this is an overlaping jurisdiction, could be escalated to the tech
ctte), that we already have transition freeze and the time planings
for jessie, makes it quite unlikely (or rather: impossible) to switch
from libav to FFmpeg in time for jessie. (Of course, for jessie+1
there is enough time for the transition. And for jessie+1 we will have
enough experience with FFmpeg in Debian to perhaps see things in a
different light.)
As I have made clear from the beginning [3], I see no need for a
transition as long as Libav is maintained.
The purpose of having FFmpeg is that users can use the binary tools and
that developers can use the libraries, if they want to.
So from my experience I assume the final answer would look similar to
"It's too late for jessie, sorry". Which might be a pity but, well,
that's how it is.
It is too late for a transition, but it is not too late for letting
FFmpeg migrate into testing.
Best regards,
Andreas
1:
https://qa.debian.org/popcon-graph.php?packages=libavutil-ffmpeg54&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25m-%25d&beenhere=1
2: https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles
3: https://lists.debian.org/debian-devel/2014/07/msg01010.html
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/542800c8.7040...@googlemail.com
