Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian

Dimitri John Ledkov xnox at debian.org
Tue Jul 29 01:12:30 UTC 2014


On 28 July 2014 15:05, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> On 28.07.2014 13:52, Henrique de Moraes Holschuh wrote:
>>
>> On Mon, 28 Jul 2014, Norbert Preining wrote:
>>>
>>> On Sun, 27 Jul 2014, Reinhard Tartler wrote:
>>>>
>>>> In [1], Moritz from the security team clearly stated that he is more
>>>> than uncomfortable with having more than one copy of libavcodec in
>>>> debian/testing. In consequence this means that any package that builds
>>>>
>>>> against the ffmpeg packages currently in NEW won't make it into
>>>> testing either. I am therefore surprised about the given answer to the
>>>
>>>
>>> "More than uncomfortable" does not mean "will not be included"
>>
>>
>> Yes, it does.
>>
>> Someone will have to convince the security team somehow, likely by
>> offering
>> to do the work themselves _and_ convincing them that these new members
>> will
>> be around for long enough.
>
>
> Michael Niedermayer from FFmpeg upstream volunteered "to help with any
> future security issues in FFmpeg packages in debian" [1].
>
>> However:
>>
>> The change in Debian-specific symbol versioning and sonames being done to
>> ffmpeg so that it is co-installable with libav *is* a problem.
>>
>> It has to be done in coordination with the Canonical guys, so that both
>> Debian and Ubuntu do the same thing re.  ffmpeg sonames and symbol
>> versioning.  Otherwise, the ffmpeg packages will be of very limited use
>> (useless to run third-party binary-only games ;-p).
>
>
> I don't think coordination with Ubuntu will be a problem.
> In comment #7 in the corresponding bug at launchpad [2] Dimitri John Ledkov
> wrote that Ubuntu won't introduce FFmpeg on it's on, but instead:
> "If you wish to see a supported ffmpeg stack in both Debian and Ubuntu,
> please become a developer and start maintaining it in Debian."

I don't have an opinion about ffmpeg vs libav, apart from how hard the
soname transitions are, especially in ubuntu where we somehow ended up
with ex-multimedia packages around that either never were in debian,
or have been long removed from testing and/or unstable. Thankfully, we
have worked to make sure libav is in universe only and thus is not a
security maintenance burden. Nonetheless, libav10 transition is still
not complete in utopic today. I haven't checked, but now abi
compatible/incompatible the two stacks are? cause it would be a pain
if they are not drop in replacements, and it would also be a pain if
higher up packages link-in both ffmpeg & libav and some clashing
symbols are present... and people start requesting to have build
variants against both. Has a rebuild of all deps been done? How many
build failures there are? (On both debian & ubuntu, ideally) Is
hardening flags / toolchain enabled in both, or either of the two?

-- 
Regards,

Dimitri.



More information about the pkg-multimedia-maintainers mailing list