On Wed, Aug 31, 2016 at 1:03 PM, Alexis Ballier <aball...@gentoo.org> wrote: > On Wed, 31 Aug 2016 08:28:14 -0400 > Rich Freeman <ri...@gentoo.org> wrote: >> Sure, but we're talking about a major version here, and a web browser >> where future security updates need to be deployed quickly. You don't >> want to be stuck figuring out what other ffmpeg API calls were touched >> in the new version while there is some exploit floating around. >> >> It seems like bundling is the simpler solution here, unless the >> necessary patches are trivial. If they're in fact trivial somebody >> can probably just post one and save a lot of speculation. :) > > It depends on the complexity of the patch indeed. We're talking about 3 > enum values that were added in ffmpeg-3 here. >
If that is indeed all this is, then it does seem like a no-brainer... -- Rich
