Re: FFmpeg in Jessie
- To: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Cc: Moritz Muehlenhoff <jmm@inutil.org>, Cyril Brulebois <kibi@debian.org>, Debian Release Team <debian-release@lists.debian.org>, Debian Security Team <team@security.debian.org>, Niv Sardi <xaiki@debian.org>, Alexander Strasser <eclipse7@gmx.net>, Michael Niedermayer <michael@niedermayer.cc>
- Subject: Re: FFmpeg in Jessie
- From: Andreas Barth <aba@ayous.org>
- Date: Fri, 26 Sep 2014 23:28:25 +0200
- Message-id: <20140926212825.GM20713@mails.so.argh.org>
- Mail-followup-to: Andreas Barth <aba@ayous.org>, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>, Moritz Muehlenhoff <jmm@inutil.org>, Cyril Brulebois <kibi@debian.org>, Debian Release Team <debian-release@lists.debian.org>, Debian Security Team <team@security.debian.org>, Niv Sardi <xaiki@debian.org>, Alexander Strasser <eclipse7@gmx.net>, Michael Niedermayer <michael@niedermayer.cc>
- In-reply-to: <5425D984.2070201@googlemail.com>
- References: <5425CBBD.7000707@googlemail.com> <20140926205608.GT2653@mraw.org> <20140926205545.GA16727@inutil.org> <5425D984.2070201@googlemail.com>
* Andreas Cadhalpun (andreas.cadhalpun@googlemail.com) [140926 23:24]:
> On 26.09.2014 22:55, Moritz Muehlenhoff wrote:
>> On Fri, Sep 26, 2014 at 10:56:08PM +0200, Cyril Brulebois wrote:
>>> [ Not speaking for any team. ]
>>>
>>> Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> (2014-09-26):
>>>> FFmpeg was recently accepted into the Debian archive by the FTP team.
>>>>
>>>> We plan to upload it to unstable soon, so that it can be part of Jessie.
>>>>
>>>> If you have any concerns about this, now would be a good time to
>>>> start discussing them in order to find a solution for Jessie.
>>>
>>> I think those concerns have been raised already, with the bottom line
>>> roughly being: it's either libav or ffmpeg, not both?
>>
>> Indeed.
>
> And why?
> In my opinion upstream's security support for FFmpeg is better than that
> of most other packages in Debian.
>
> Security updates are a simple matter of packaging a new point release
> from upstream. The work for the security team would be limited to
> reviewing the upstream changes and sending out a DSA.
>
> Additionally the security of FFmpeg has improved quite a bit so that
> nowadays there are far fewer CVEs for it than e.g. for MySQL.

That sounds like we should drop libav and release with ffmpeg. Is this
also the opinion of the libav maintainers? Or is there a strong reason
why this is not possible?

Andi