On 16/01/13 22:31, Alexis Ballier wrote:
> interesting, did they report it? OTOH, they switched _after_ the 2.0.5
> release which happens to be the latest one. Since vlc is probably the
> ffmpeg/libav interface the most popular in the world (due to their
> windows and mac builds), I'd like to see an actual release with it and
> see if there is any regression before claiming they use libav.

Reported, dismissed as bug on their side IIRC.

>> gst-ffmpeg/gst-libav works only with libav as per upstream desire
>> (thus the rename)
> 
> you mean use libav internally? because 'per upstream desire'
> gst-ffmpeg or gst-libav always only worked with the internal libs :)
> it also appears to build and work fine with ffmpeg-0.10

To be more clear, latest gst-libav release does not build with latest
ffmpeg release, same said for the gst-libav backport.

> Speaking about bias, the maintainer happens to be part of libav core
> developers and was even part of what is known as the 'ffmpeg coup' :)

Meanwhile I preferred let people pick their poison since it is easy to
switch from one to another, in retrospect would had been better if I
just removed ffmpeg from the tree from day 0.

> None of what you cited is a problem for a downstream distribution,
> except maybe vlc+rtmp which should be fixed regardless.

> xbmc and mplayer did not build last time I tried. xbmc will be a pain
> because it uses some libavfilter features not in libav.

mplayer2 works decently here. I didn't try to look at xbmc yet.

> I don't want to verify this and will trust you there, but I still
> don't consider 8 months to be a correct delay for handling a published
> vulnerability, whatever its origin may be.

Crashes are always bad, we fix a lot of them every day, we obviously
introduce few new since we aren't perfect, calling all of them security
problems is a tad extreme in my opinion.

The problem with the "published vulnerabilities" had been usually us
being prevented from accessing the example vectors, now the situation is
way better.

> I'm sure the fork didn't happen because
> some day some devs woke up angry because they didn't have had their
> coffee. However, I'm also sure the fork is a pain for downstream
> distros and a lot of upstreams.

The rationale is on libav.org/about.html, I spent about 3 months trying
to prevent it. I failed.

lu

Reply via email to