To put this another way, why not leave the 1.2.1 binaries available on a secondary web page dedicated to legacy operating systems? I do see merit in guiding new users and new downloads to the latest, secure builds, but I am opposed to removing the legacy versions completely (for the reasons cited below).
Brian On Dec 31, 2016, at 7:02 PM, Brian Willoughby <bri...@audiobanshee.com> wrote: > Security is quite important, but I believe that audio quality and lossless > performance trump security for nearly all users of flac. > > In other words, unless the bugs affect the lossless quality of flac, then > those old downloads should remain available. Of course, place a notice about > the potential for security issues, but let the users make their own decisions. > > Personally, I find it important to have the option of decoding my archived > flac files with the same version of the code that I used to compress them. > Granted, I'm on Mac (Unix), but I assume that the same security holes are in > 1.2.1 for Unix as for Windows. Sorry I'm not much of an expert on the > security issues, but it seems that lots of software has these sorts of > security holes. We should certainly address the issues, but there's no need > to force everyone to lose access to historical versions of the flac program. > Even if the new versions of flac are perfectly compatible, there is still > some benefit to having old versions that will run on old computer operating > systems. I maintain a great number of old computers for audio recording > purposes, and while they work fine for audio purposes they won't run new > builds of certain software. > > Brian Willoughby > > > On Dec 31, 2016, at 6:46 PM, Erik de Castro Lopo <mle...@mega-nerd.com> wrote: >> there are still 1000+ downloads per week 1.2.1 windows binaries >> with know security holes. What do people think of the idea of >> disabling downloads of old, known buggy Windows binary downloads? _______________________________________________ flac-dev mailing list flac-dev@xiph.org http://lists.xiph.org/mailman/listinfo/flac-dev
