Re: Alpha version of libtheora in unstable seem like a bad idea

To: Sebastian Ramacher <sramacher@debian.org>, Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Subject: Re: Alpha version of libtheora in unstable seem like a bad idea
From: Petter Reinholdtsen <pere@hungry.com>
Date: Mon, 03 Mar 2025 15:16:44 +0100
Message-id: <[🔎] sa6mse2xkqb.fsf@hjemme.reinholdtsen.name>
In-reply-to: <Z8WiSNGFQ0fV8ZgR@ramacher.at>
References: <sa67c5v4lbx.fsf@hjemme.reinholdtsen.name> <Z8WiSNGFQ0fV8ZgR@ramacher.at>

[Sebastian Ramacher]
> I am happy to revert to the old release. I was mostly looking for the
> optimizations for arm64 that the 1.2 alpha release has.

Aha.  Note, I do not know of any concrete problems with the 1.2 release,
and my scepsis is only based on my belief that it contain half baked
changes that was never properly verified.

> In any case, there is another question to be raised: with upstream
> inactive and an open CVE-2024-56431, is it time to start thinking of
> dropping libtheora?

I know ogg theora is still used quite a lot, so it should not be dropped
lightly.  I will poke the Xiph team about the need for a new release.  I
reminded them of the CVE on #xiph today, and there is at least some
people there talking about wrapping up a new release.

Perhaps I wrap up a new release myself, like I did with liboggz,
libkate, libfishsound and liboggplay, but I hope someone who know the
theora code base will step up instead.

Adding the multimedia team back, to make the rest of the team know about
the development.

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: Alpha version of libtheora in unstable seem like a bad idea
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Processing of audtty_0.1.12-6_source.changes
Next by Date: libavif_1.2.0-1~exp1_source.changes ACCEPTED into experimental
Previous by thread: Processing of audtty_0.1.12-6_source.changes
Next by thread: Re: Alpha version of libtheora in unstable seem like a bad idea
Index(es):
- Date
- Thread