[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#402793: tech-ctte: gst-ffmpeg links with its own private ffmpeg copy



Package: tech-ctte
Severity: normal

Hi,

I kindly ask the Technical Committee to rule on the gstreamer0.10-ffmpeg 
case. 

The gstreamer0.10-ffmpeg package includes its own private ffmpeg copy 
and is built against it. Upstream's rationale is that ffmpeg's API and 
ABI aren't stable and that they need a frozen version. Linking to 
another ffmpeg version often requires changes to the code and means the 
software cannot be as widely tested as the upstream version.

However, the multiple copies of ffmpeg in the archive have been 
responsible for a security nightmare during the sarge stable cycle. The 
security team has asked to replace all such private copies by dynamic 
linking to the debian ffmpeg packages. For example, this is holding 
mplayer out of etch.

As I explained in the following thread:
	http://lists.debian.org/debian-devel/2006/12/msg00138.html
linking to this ffmpeg version is not very complicated, and I asked the 
maintainers to migrate to it before the etch release. I submitted bug 
#402090 which contains a clean patch that I'm also in the process to 
make accepted upstream.

However the maintainer does not want any such change before the release, 
and it turned out soon that we would not come to an agreement on this 
matter. Which is why I'm forwarding this issue to the Technical 
Committee.

Regards,
-- 
Josselin Mouette		/\./\

"Do you have any more insane proposals for me?"



Reply to: