Update to Speex

Jean-Marc Valin jean-marc.valin at usherbrooke.ca
Sun Mar 16 22:23:30 UTC 2008


> So, to the point, we have two issues at hand: the first is that beta3
> broke ABI wrt 1.0/1.1/1.2beta2 because of the split. We are going to
> need to bump the SONAME because of that change, e.g. libspeex.so.2.
> We could do that and diverge from you, but it would be best if you did
> so yourself. Remember, every ABI-breaking change needs a SONAME bump!

Except that we disagree on the fact there was an ABI change, since the
current version of libspeex has the same ABI as the last stable release:
1.0.5 -- which is actually shipped by some distros. Also, what are you
planning to do with libspeexdsp? I'm still planning on making API/ABI
changes to that one (not libspeex). Are you planning on having
libspeexdsp.so.8 (or so) once 1.2 is released and the API/ABI freezes?

> The second issue is that we have some users interested in seeing Mumble
> in Debian. Unfortunately, I was told that mumble needs a post-beta3
> version, i.e. currently an SVN snapshot.

Yes, he submitted a buch of patches after beta3 was released (basically,
for all the stuff he had modified in his own copy).

> Apparently, Mumble has already reached Ubuntu by including a *copy* of
> libspeex inside the Mumble package.
> As you may imagine, this is far from ideal and our security team
> prohibits us from doing so -- and for a good reason.

Yes, I can understand why you're not fond of doing that. At least, rest
assured that libspeex is not a library that tends to have security
issues. In the entire history of the library I think I've found one DoS
(non-exploitable crash).

> It would be great if you could freeze the ABI,

No.

> bump the SONAME 

Why?

> and
> release a 1.2beta4 version that mumble can depend on and that we could
> upload

Overall, there's still very little change to make that a new version.
The Mumble stuff is the only thing that changed since 1.2beta3. But I'll
think about it.

> -- or even better, do a 1.2 release, it's about time! :)

I think Debian has no lessons to give when it comes to making timely
releases :-D

> We have quite a few people interested in seeing this resolved and we are
> committed to help you in any way we can.

Yes, I definitely want to resolve this as well.

	Jean-Marc



More information about the Pkg-voip-maintainers mailing list