Select provider of libav* libraries
Jonas Smedegaard
dr at jones.dk
Fri May 15 19:12:17 UTC 2015
Quoting Andreas Cadhalpun (2015-05-15 17:16:36)
> On 15.05.2015 11:13, Jonas Smedegaard wrote:
>> Quoting Reinhard Tartler (2015-05-15 09:23:13)
>>> Also, given that Libav supports significantly less codecs and
>>> formats (and in some cases specific variants or features of codecs),
>>> many security issues simply don't apply.
>>
>> I find above important, not only for security but for long-term
>> maintenance in general.
>
> Unfortunately that argument is misleading at best, as I explained in
> my reply to Reinhard's mail.
Yes, you voiced your opinion already.
Now please let others voice there opinion too - there's no need to
repeat yourself if you have nothing *new* to say.
>>> What project is less effort for the security team?
>> Nowadays the security team has a distinct way of flagging packages as
>> not-security-supported (see e.g. package debian-security-support).
>>
>> If we consistently treat the libraries as boring vs. exciting like I
>> propose above, the security team might be convinced to tolerate both
>> in stable - flagging the exciting one and anything linked against it
>> as unsupported by them.
>
> I suggested something like that for jessie, but the reply was that having
> no security support means essentially that it's unfit for stable.
What I propose is not "something like that", nor is it for Jessie.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150515/237e4ecb/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list