[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#395252: ignore bug 395252 'mplayer embeds ffmpeg' for lenny

On Wed, Jun 18, 2008 at 10:29:17AM +0100, Neil McGovern wrote:
> Neither, it's the RC policy which carries more weight than a RG:
> http://release.debian.org/lenny/rc_policy.txt
> 5a) Packages in the archive must not be so buggy or out of date that we
> refuse to support them.
> The security team has confirmed multiple times that this is no longer
> supportable.

Your phrase "no longer" confirms that there is a fundamental
misunderstanding in this point.

The package 'mplayer' is not 'so buggy', it has 40 bugs,
and that is average. 
The only RC bug that 'mplayer' has is 395252.

This bug says "mplayer requires too much security maintainance work due to
embedded ffmpeg copy".

But this "too much security work" was claimed even before etch was
released, and is a claim that had and still has no supporting facts.

Indeed 'mplayer' had 3 security updates so far in Etch. 
No one of those security updates was fixed by patching
code in the ffmpeg library.

So this whole bug 395252 is based on an apriori assumption;
moreover this assumption was proved wrong by facts.

Summarizing, you are deciding that mplayer is too buggy to be
supported because of a bug that claims that same argument.

Don't you see how circular this whole reasoning is?


Not to mention that, for reasons behond my comprehension,
mplayer is the only package targetted by this reasoning.

1) As I said in the other email, the policy 3.8.0
now contains a paragraph [14.3] against embedded copies,
that is though waived for Lenny. For some reasons, you
do not accept that mplayer be given the same treatment.

2) Another point is that
lists many packages which ship embedded copies.  One example is
mozilla/iceweasel/iceape.  Iceweasel had 9 security bugs in Etch.
Iceweasel has ~500 bugs (!!). So iceweasel should be kept out of
Lenny, since it contains embedded copies of code and is quite
buggy. But no one is ever posting this RC bug.  Why? Beats me.


Andrea Mennucc

"The EULA sounds like it was written by a team of lawyers who want to tell 
me what I can't do, and the GPL sounds like it was written by a human 
being who wants me to know what I can do."
Anonymous,    http://www.securityfocus.com/columnists/420

Attachment: signature.asc
Description: Digital signature

Reply to: