Re: Reintroducing FFmpeg to Debian

Hi Moritz,

On 18.08.2014 14:05, Moritz Mühlenhoff wrote:
> Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote:
>> On 18.08.2014 08:36, Thomas Goirand wrote:
>>> There's been a very well commented technical reason stated here: the
>>> release team don't want to deal with 2 of the same library that are
>>> doing (nearly) the same things, with potentially the same security
>>> issues that we'd have to fix twice rather than once.
>>
>> Why is it a security problem to have FFmpeg and Libav, but apparently no
>> problem to have MySQL, MariaDB and PerconaDB?
>
> Raphael Geissert already wrote that mysql/mariadb/percona will be
> addressed as well; we haven't come around to it since we need to
> deal with a lot of stuff and being dragged into endless discussions
> on -devel is certainly not helpful.

I don't remember Raphael Geissert writing anything about security concerns with having MySQL, MariaDB and PerconaDB, only that you wrote half a year ago, that the security team will "be working with the release team to sort this out for jessie" [1].

As I haven't seen any further discussion about this and the recent mail about MySQL, MariaDB and PerconaDB on debian-devel [2] indicated that the plan was to have all of them as alternatives, I assumed this was resolved.

There wouldn't be any discussion about the security of FFmpeg and Libav as well, if you hadn't started it [3].

Why is FFmpeg treated differently than MariaDB/PerconaDB?

Best regards,

1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729203#435
2: https://lists.debian.org/debian-devel/2014/08/msg00016.html
3: https://lists.debian.org/debian-devel/2014/02/msg00668.html

