On 26.09.2014 22:55, Moritz Muehlenhoff wrote:
On Fri, Sep 26, 2014 at 10:56:08PM +0200, Cyril Brulebois wrote:[ Not speaking for any team. ] Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> (2014-09-26):FFmpeg was recently accepted into the Debian archive by the FTP team. We plan to upload it to unstable soon, so that it can be part of Jessie. If you have any concerns about this, now would be a good time to start discussing them in order to find a solution for Jessie.I think those concerns have been raised already, with the bottom line roughly being: it's either libav or ffmpeg, not both?Indeed.
And why?In my opinion upstreams' security support for FFmpeg is better than that of most other packages in Debian.
Security updates are a simple matter of packaging a new point release from upstream. The work for the security team would be limited to reviewing the upstream changes and sending out a DSA.
Additionally the security of FFmpeg has improved quite a bit so that nowadays there a far fewer CVEs for it than e.g. for MySQL.
And besides, FFmpeg is in a way already in the current stable release in addition to Libav, because chromium uses an embedded code copy of it.
Best regards, Andreas