Bug#402793: tech-ctte: gst-ffmpeg links with its own private ffmpeg copy
On Tue, Dec 12, 2006 at 08:03:24PM +0100, Josselin Mouette wrote:
> I kindly ask the Technical Committee to rule on the gstreamer0.10-ffmpeg
> case.
> The gstreamer0.10-ffmpeg package includes its own private ffmpeg copy
> and is built against it. Upstream's rationale is that ffmpeg's API and
> ABI aren't stable and that they need a frozen version. Linking to
> another ffmpeg version often requires changes to the code and means the
> software cannot be as widely tested as the upstream version.
> However, the multiple copies of ffmpeg in the archive have been
> responsible for a security nightmare during the sarge stable cycle. The
> security team has asked to replace all such private copies by dynamic
> linking to the debian ffmpeg packages. For example, this is holding
> mplayer out of etch.
> As I explained in the following thread:
> http://lists.debian.org/debian-devel/2006/12/msg00138.html
> linking to this ffmpeg version is not very complicated, and I asked the
> maintainers to migrate to it before the etch release. I submitted bug
> #402090 which contains a clean patch that I'm also in the process to
> make accepted upstream.
> However the maintainer does not want any such change before the release,
> and it turned out soon that we would not come to an agreement on this
> matter. Which is why I'm forwarding this issue to the Technical
> Committee.
It is my understanding that this is a request to override the decision of
the gst-ffmpeg maintainer, under 6.1.4. Given that neither the security
team nor the release team has weighed in with a statement that the package
is unsupportable in its present state, I don't believe the technical
committee should override the maintainer either.
Regards,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: