Bug#774800: libav: take measurements not to include or automatically download binary blobs

Christoph Anton Mitterer calestyo at scientia.net
Wed Jan 7 19:12:30 UTC 2015


On Wed, 2015-01-07 at 20:07 +0100, Sebastian Ramacher wrote: 
> So, no bug here. There's not even an alpha release of libav 12 available
> yet.
Well... first, it was severity=wishlist, thus not necessarily a bug...
and 2nd, these changes will likely hit a release or may be introduced
via some snapshot release... and I think it's better to have a
notification that actions need to be taken then (downloading the blob
wouldn't just be a security compromise, but also a policy violation)...
in order not to fall into the same trap as iceweasel packages did.

Ignorantly closing this however, without any further discussion, doesn't
really shed a very bright light on security conscious decisions in the
maintenance process, does it?


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150107/fac8a9dd/attachment.bin>


More information about the pkg-multimedia-maintainers mailing list