Hi Moritz, On 18.08.2014 14:05, Moritz Mühlenhoff wrote:
Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> schrieb:On 18.08.2014 08:36, Thomas Goirand wrote:There's been a very well commented technical reason stated here: the release team don't want to deal with 2 of the same library that are doing (nearly) the same things, with potentially the same security issues that we'd have to fix twice rather than once.Why is it a security problem to have FFmpeg and Libav, but apparently no problem to have MySQL, MariaDB and PerconaDB?Raphael Geissert already wrote that mysql/mariadb/percona will be addressed as well; we haven't come around to since since we need to deal with a lot of stuf and being dragged into endless discussions on -devel is certainly not helpful.
I don't remember Raphael Geissert writing anything about security concerns with having MySQL, MariaDB and PerconaDB, only that you wrote half a year ago, that the security team will "be working with the release team to sort this out for jessie" [1].
As I haven't seen any further discussion about this and the recent mail about MySQL, MariaDB and PerconaDB on debian-devel [2] indicated that the plan was to have all of them as alternatives, I assumed this was resolved.
There wouldn't be any discussion about the security of FFmpeg and Libav as well, if you hadn't started it [3].
Why is FFmpeg treated differently than MariaDB/PerconaDB? Best regards, Andreas 1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729203#435 2: https://lists.debian.org/debian-devel/2014/08/msg00016.html 3: https://lists.debian.org/debian-devel/2014/02/msg00668.html