Re: FFmpeg in Jessie

To: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, Cyril Brulebois <kibi@debian.org>, Debian Release Team <debian-release@lists.debian.org>, Debian Security Team <team@security.debian.org>, Niv Sardi <xaiki@debian.org>, Alexander Strasser <eclipse7@gmx.net>, Michael Niedermayer <michael@niedermayer.cc>
Subject: Re: FFmpeg in Jessie
From: Andreas Barth <aba@ayous.org>
Date: Fri, 26 Sep 2014 23:28:25 +0200
Message-id: <[🔎] 20140926212825.GM20713@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@ayous.org>, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>, Moritz Muehlenhoff <jmm@inutil.org>, Cyril Brulebois <kibi@debian.org>, Debian Release Team <debian-release@lists.debian.org>, Debian Security Team <team@security.debian.org>, Niv Sardi <xaiki@debian.org>, Alexander Strasser <eclipse7@gmx.net>, Michael Niedermayer <michael@niedermayer.cc>
In-reply-to: <[🔎] 5425D984.2070201@googlemail.com>
References: <[🔎] 5425CBBD.7000707@googlemail.com> <[🔎] 20140926205608.GT2653@mraw.org> <[🔎] 20140926205545.GA16727@inutil.org> <[🔎] 5425D984.2070201@googlemail.com>

* Andreas Cadhalpun (andreas.cadhalpun@googlemail.com) [140926 23:24]:
> On 26.09.2014 22:55, Moritz Muehlenhoff wrote:
>> On Fri, Sep 26, 2014 at 10:56:08PM +0200, Cyril Brulebois wrote:
>>> [ Not speaking for any team. ]
>>>
>>> Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> (2014-09-26):
>>>> FFmpeg was recently accepted into the Debian archive by the FTP team.
>>>>
>>>> We plan to upload it to unstable soon, so that it can be part of Jessie.
>>>>
>>>> If you have any concerns about this, now would be a good time to
>>>> start discussing them in order to find a solution for Jessie.
>>>
>>> I think those concerns have been raised already, with the bottom line
>>> roughly being: it's either libav or ffmpeg, not both?
>>
>> Indeed.
>
> And why?

> In my opinion upstreams' security support for FFmpeg is better than that  
> of most other packages in Debian.
>
> Security updates are a simple matter of packaging a new point release  
> from upstream. The work for the security team would be limited to  
> reviewing the upstream changes and sending out a DSA.
>
> Additionally the security of FFmpeg has improved quite a bit so that  
> nowadays there a far fewer CVEs for it than e.g. for MySQL.

That sounds like we should drop libav and release with ffmpeg. Is this
also the opinion of the libav maintainers? Or is there a strong reason
why this is not possible?


Andi

Reply to:

Follow-Ups:
- Re: FFmpeg in Jessie
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Re: FFmpeg in Jessie
  - From: Cyril Brulebois <kibi@debian.org>
- Re: FFmpeg in Jessie
  - From: Julien Cristau <jcristau@debian.org>
- Re: FFmpeg in Jessie
  - From: Reinhard Tartler <siretart@gmail.com>
- Re: FFmpeg in Jessie
  - From: Alessio Treglia <alessio@debian.org>

References:
- FFmpeg in Jessie
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
- Re: FFmpeg in Jessie
  - From: Cyril Brulebois <kibi@debian.org>
- Re: FFmpeg in Jessie
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: FFmpeg in Jessie
  - From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>

Prev by Date: Re: FFmpeg in Jessie
Next by Date: Re: FFmpeg in Jessie
Previous by thread: Re: FFmpeg in Jessie
Next by thread: Re: FFmpeg in Jessie
Index(es):
- Date
- Thread