On 8/18/14, Moritz Mühlenhoff <j...@inutil.org> wrote:
> Andreas Cadhalpun <andreas.cadhal...@googlemail.com> wrote:
>> Hi Thomas,
>>
>> On 18.08.2014 08:36, Thomas Goirand wrote:
>>> There's been a very well commented technical reason stated here: the
>>> release team don't want to deal with 2 of the same library that are
>>> doing (nearly) the same things, with potentially the same security
>>> issues that we'd have to fix twice rather than once.
>>
>> Why is it a security problem to have FFmpeg and Libav, but apparently no
>> problem to have MySQL, MariaDB and PerconaDB?
>
> Raphael Geissert already wrote that mysql/mariadb/percona will be
> addressed as well; we haven't come around to it since we need to
> deal with a lot of stuff and being dragged into endless discussions
> on -devel is certainly not helpful.
>
> Cheers,
>         Moritz

Excuse my interruption, but I intend to be a little blunt.

I think there might be a little bit of miscommunication.

You have said that the security team cannot handle both FFmpeg and Libav.
Since Libav is already in Debian, this statement is assumed to mean
that you do not want to deal with FFmpeg. However this mail
http://lists.debian.org/debian-devel/2014/08/msg00060.html kind of
hints the opposite - Libav security handling is horrible and a burden to
you, while FFmpeg so far is responsive and responsible.

So I would like to get a little bit more detail on your priorities
and preferences. The options I could think of are:
1. Drop both Libav and FFmpeg.
2. Leave Libav in stable, keep FFmpeg out.
3. Get FFmpeg in stable, drop Libav.
4. Get both Libav and FFmpeg, under the condition that Michael is
helping with FFmpeg patching.
5. Get both Libav and FFmpeg, under the condition that Michael is
helping with FFmpeg AND Libav patching (only for jessie).
6. Something else...

Other people have said that FFmpeg should provide help and resources
to the security team. Please elaborate on what more FFmpeg can do to
please you.

Best Regards
   Ivan Kalvachev
  iive


P.S.
I hope ftp masters are not deliberately prolonging the FFmpeg
inclusion, thinking they are doing a favor to their peers from other
teams.