Re: ccextractor embeds unpatched and vulnerable source code from gpac in buster - 994746

To: Neil Williams <codehelp@debian.org>
Cc: debian-lts <debian-lts@lists.debian.org>
Subject: Re: ccextractor embeds unpatched and vulnerable source code from gpac in buster - 994746
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sat, 16 Oct 2021 16:10:39 +0530
Message-id: <[🔎] CAPP0f96mYngTy5BYMvOx-XmaQrY6TxBnpMBmTsg5goq=j9SGKA@mail.gmail.com>
In-reply-to: <20210927140433.293d6fbd@felix.codehelp>
References: <20210927140433.293d6fbd@felix.codehelp>

Hi Neil,

On Mon, Sep 27, 2021 at 6:34 PM Neil Williams <codehelp@debian.org> wrote:
> So far, opinion (Sebastien, Raphael & I) is all for option C: - leave
> ccextractor unchanged in buster.
>
> Have I missed another solution? Does anyone object to adopting solution
> C:?

I spent some time on this during my FD duty a couple of weeks ago and
then some more time this week and I think what you propose is the best
way forward. I could reproduce most™ of the things you mentioned and
came to the same conclusion. Option A, for sure, increases a lot of
technical debt, unnecessarily - a no-go. Option B, whilst seems
reasonable, also increases the debt (though) by half but is still a
whole lotta work for (very) little benefit! - a no-go. And so option
C, in my opinion, is the best way compromise we can do here and thus
the best plausible option we have. +1 to what you have proposed.

- u

Reply to:

Prev by Date: Re: [SECURITY] [DLA 2743-1] amd64-microcode security update
Next by Date: Re: [SECURITY] [DLA 2743-1] amd64-microcode security update
Previous by thread: Re: [SECURITY] [DLA 2743-1] amd64-microcode security update
Next by thread: TRA-2021-14/CVE-2021-20095 status
Index(es):
- Date
- Thread