Bug#402793: tech-ctte: gst-ffmpeg links with its own private ffmpeg copy
Package: tech-ctte
Severity: normal
Hi,
I kindly ask the Technical Committee to rule on the gstreamer0.10-ffmpeg
case.
The gstreamer0.10-ffmpeg package includes its own private ffmpeg copy
and is built against it. Upstream's rationale is that ffmpeg's API and
ABI aren't stable and that they need a frozen version. Linking to
another ffmpeg version often requires changes to the code and means the
software cannot be as widely tested as the upstream version.
However, the multiple copies of ffmpeg in the archive have been
responsible for a security nightmare during the sarge stable cycle. The
security team has asked to replace all such private copies by dynamic
linking to the debian ffmpeg packages. For example, this is holding
mplayer out of etch.
As I explained in the following thread:
http://lists.debian.org/debian-devel/2006/12/msg00138.html
linking to this ffmpeg version is not very complicated, and I asked the
maintainers to migrate to it before the etch release. I submitted bug
#402090 which contains a clean patch that I'm also in the process to
make accepted upstream.
However the maintainer does not want any such change before the release,
and it turned out soon that we would not come to an agreement on this
matter. Which is why I'm forwarding this issue to the Technical
Committee.
Regards,
--
Josselin Mouette /\./\
"Do you have any more insane proposals for me?"
Reply to: