Andreas Cadhalpun wrote: > Given the amount of software in Debian and thus the amount of security > fixes necessary for a stable release, I think that the additional > stable-security uploads for FFmpeg in the order of 10 per release will > be hardly noticeable.
They are surely noticeable to the security team: the release process of a security update is more than just a "throw and forget". Tracking every single vulnerability for each copy of the code consumes time. Every single update also consumes team's time, and that of many organisations external to Debian. > What is particularly hard for me to understand is why e.g. MySQL and > MariaDB can be in testing at the same time without much resistance from > the security team, but FFmpeg and Libav can apparently not. There is resistance - we only want one, not two, not three (percona). IMH (and personal) O, if you want to see ffmpeg in Jessie or later, you should replace libav - i.e. no silly one binary + libraries that won't work for anything else. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net _______________________________________________ pkg-multimedia-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
