[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [FFmpeg-devel] Reintroducing FFmpeg to Debian

Hi Thomas,

On 18.08.2014 08:36, Thomas Goirand wrote:
There's been a very well commented technical reason stated here: the
release team don't want to deal with 2 of the same library that are
doing (nearly) the same things, with potentially the same security
issues that we'd have to fix twice rather than once.

Why is it a security problem to have FFmpeg and Libav, but apparently no problem to have MySQL, MariaDB and PerconaDB?

This seems quite arbitrary to me, especially since there have been already 36 CVEs in 2014 for MySQL [1], of which 26 apparently are also relevant for MariaDB [2] and PerconaDB [3], but only 7 for FFmpeg [4] and 8 for Libav [5] in the same time.

Best regards,

1: https://security-tracker.debian.org/tracker/source-package/mysql-5.5
2: https://security-tracker.debian.org/tracker/source-package/mariadb-5.5
3: https://security-tracker.debian.org/tracker/source-package/percona-xtradb-cluster-5.5
4: https://security-tracker.debian.org/tracker/source-package/ffmpeg
5: https://security-tracker.debian.org/tracker/source-package/libav

Reply to: