Hi Didier, On 31.07.2014 22:36, Didier 'OdyX' Raboud wrote:
Le jeudi, 31 juillet 2014, 22.19:28 Pau Garcia i Quiles a écrit :How is it better to have libav, which does a lot less security bugfixing, in?Our security team has to prepare the libav updates over the lifetime of wheezy anyway.
As far as I know, both the updates for Libav and FFmpeg are prepared by their respective upstreams, then integrated into the Debian packages by the respective maintainers and only then comes work for the security team in reviewing the patches and writing a DSA.
Introducing ffmpeg in jessie (with or without dropping libav) means (at least) duplicating that work.
Since all the updates for Libav are merged by FFmpeg, it's not really duplicated work. At least in theory only the additional fixes of FFmpeg would have to be reviewed additionally.
Best regards, Andreas