Hi folks,
Luca, who is doing most of the security work these days in Libav, asks
which releases we need to support. To the best of my knowledge, this
would in Debian and Ubuntu:
release/0.8: wheezy, precise
release/9: trusty
release/11: jessie, utopic, vivid
AFAIUI, we can safely retire release/10. Moritz, I fear at some point
we are going to stop supporting libav in stable. I don't think that
this is going to happen anytime soon, but you have an opinion how long
we really should get release/0.8 in shape?
Luca is doing the admirable work of going through the reports, which
most come in form of fuzzed samples provided by the Google security
team, analyzing the crash and proposing and committing the fix with a
well-documenting commit message. All those patches are easily
identifiable by grepping for the string "CC: libav-stable" in "git log
--grep".
It would be a really great help to identify and backport those patches
to earlier release branches. Luca and I are wondering if someone had
some spare cycles to help us out here? Ideally, we can make a
cross-distro effort for this (Gentoo, Debian & Ubuntu!).
Please email Luca and me for coordination.
Thanks,
Reinhard
--
regards,
Reinhard
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
