Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian

To: Josselin Mouette <joss@debian.org>
Cc: Debian Devel <debian-devel@lists.debian.org>
Subject: Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
From: Pau Garcia i Quiles <pgquiles@elpauer.org>
Date: Thu, 31 Jul 2014 22:19:28 +0200
Message-id: <[🔎] CAKcBoksdj+bEzT9bkGbLSD41JxAhSSwmNjMna5_qWU+HBupaDw@mail.gmail.com>
In-reply-to: <[🔎] 1406836447.13071.3.camel@kagura.malsain.org>
References: <[🔎] 53D5895B.2090102@googlemail.com> <[🔎] lr7jjb$np3$1@ger.gmane.org> <[🔎] 53D7CF25.3040901@googlemail.com> <[🔎] 38022338.xExGetmtcr@eee> <[🔎] 53D80EDA.8040207@googlemail.com> <[🔎] 87ppgnhmym.fsf@windlord.stanford.edu> <[🔎] 53D82293.7010707@googlemail.com> <[🔎] 1406836447.13071.3.camel@kagura.malsain.org>

On Thu, Jul 31, 2014 at 9:54 PM, Josselin Mouette <joss@debian.org> wrote:

No FFmpeg security update is “minor”.

Almost each ffmpeg security bug is a code execution one. Almost each and
every one of them is hard to backport.

Those 10 security updates might represent more work than 100 *really*
minor security updates.

How is it better to have libav, which does a lot less security bugfixing, in?

I'd rather have a library that fixes bugs than one that passes in order to look "more secure". When in fact it's less.

--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

Reply to:

Follow-Ups:
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: "Didier 'OdyX' Raboud" <odyx@debian.org>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Russ Allbery <rra@debian.org>

References:
- Reintroducing FFmpeg to Debian
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Raphael Geissert <geissert@debian.org>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Re: Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Raphael Geissert <geissert@debian.org>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
  - From: Josselin Mouette <joss@debian.org>

Prev by Date: Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
Next by Date: Bug#756654: ITP: rohc -- RObust Header Compression (ROHC) library
Previous by thread: Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
Next by thread: Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian
Index(es):
- Date
- Thread