[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#402793: tech-ctte: gst-ffmpeg links with its own private ffmpeg copy



On Tue, Dec 12, 2006 at 08:03:24PM +0100, Josselin Mouette wrote:
> I kindly ask the Technical Committee to rule on the gstreamer0.10-ffmpeg 
> case. 

> The gstreamer0.10-ffmpeg package includes its own private ffmpeg copy 
> and is built against it. Upstream's rationale is that ffmpeg's API and 
> ABI aren't stable and that they need a frozen version. Linking to 
> another ffmpeg version often requires changes to the code and means the 
> software cannot be as widely tested as the upstream version.

> However, the multiple copies of ffmpeg in the archive have been 
> responsible for a security nightmare during the sarge stable cycle. The 
> security team has asked to replace all such private copies by dynamic 
> linking to the debian ffmpeg packages. For example, this is holding 
> mplayer out of etch.

> As I explained in the following thread:
> 	http://lists.debian.org/debian-devel/2006/12/msg00138.html
> linking to this ffmpeg version is not very complicated, and I asked the 
> maintainers to migrate to it before the etch release. I submitted bug 
> #402090 which contains a clean patch that I'm also in the process to 
> make accepted upstream.

> However the maintainer does not want any such change before the release, 
> and it turned out soon that we would not come to an agreement on this 
> matter. Which is why I'm forwarding this issue to the Technical 
> Committee.

It is my understanding that this is a request to override the decision of
the gst-ffmpeg maintainer, under 6.1.4.  Given that neither the security
team nor the release team has weighed in with a statement that the package
is unsupportable in its present state, I don't believe the technical
committee should override the maintainer either.

Regards,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Reply to: