Bug#729203: Packaging for FFmpeg avoiding conflicts with libav

[Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>]

Hi Antoine,

On 22.02.2014 18:56, Antoine Beaupré wrote:
> On 2014-02-22 12:39:20, Andreas Cadhalpun wrote:
>> Thus I have started from scratch and packaged FFmpeg 2.1.3 [1] (see
>> attached debian.tar.xz).
>
> Awesome!

;)

> > I have taken care to avoid conflicts with libav as far as possible, but
> > the development files have to conflict, as it is really no good idea to
> > build against both ffmpeg and libav at the same time.
>
> You mean the -dev libraries?

Yes.

> > The ffmpeg package does not provide qt-faststart to avoid a conflict
> > with libav-tools.
>
> Fair enough - there could be a qt-faststart binary package which could
> conflict with libav-tools.

Upstream thinks qt-faststart is not used very often nowadays and there 
are not many differences between the ffmpeg and the libav version. So 
anyone who needs qt-faststart can install libav-tools. I don't see a 
need for a qt-faststart binary package, but if there were bugs in the 
libav version that are not in the ffmpeg version, we could create a 
qt-faststart package.

> > I'm not sure if this package will build on every architecture, because I
> > can't test that.
>
> Maybe an upload to experimental could test that? :)

I intended to suggest this first, but unfortunately something in 
experimental is broken, which leads to a test failure of ffmpeg, more 
specifically the test acodec-flac fails in experimental.
It doesn't fail in unstable and testing, so an upload to unstable should 
be fine.
But if it fails to build on some architecture, it will not enter 
testing, so there should be no problem in uploading to unstable.

> > I fixed most of the lintian problems, but some remain:
> >
> >    * E: debian-watch-file-pubkey-file-is-missing:
> >         This is a bug in lintian [2].
> >    * E: embedded-library: I don't understand this one:
> >         Does it complain about libavfilter embedding libavfilter?
> >         Seems like a bug in lintian.
>
> Not sure about those.

Well, the first is a bug in lintian due to the transition from 
debian/upstream-signing-key.pgp to 
debian/upstream/signing-key.{asc,pgp}, discussed on debian-devel recently.
The second is a mystery to me.

> >    * W: manpage-has-errors-from-man:
> >         I don't know how to fix the manpages. Can someone help?
>
> I had the manpage errors as well, I think we can ignore those for now.

I figured this as well, but maybe someone knows how to fix it.

> > With this package, users can install either ffmpeg or libav-tools and
> > developers can either depend on lib*-ffmpeg-dev or on lib*-dev and
> > everyone should be happy.
>
> That would be awesome.

Exactly my opinion. ;)
By the way, of course users can also install both ffmpeg and libav-tools 
and also packages build against ffmpeg and other packages build against 
libav.

> > Adrian, do you agree that this is sane?
> >
> > If the security team is not willing to support both, they can ask the TC
> > to decide which one to use, but this does not prevent an upload of FFmpeg.
>
> I don't see why security would complain: as things stand there are
> hundreds of security issues that have been fixed in ffmpeg (see the
> Google audit) which have not been fixed in libav... It seems to me
> ffmpeg is only more secure than libav at this point...

Previously, Moritz Mühlenhoff from the security team voiced his concerns 
about having to apply security fixes for both [1]:
"But we still try to minimise such cases as much as possible. And for
libav/ffmpeg this simply isn't managable at all due to the huge stream
of security issues trickling in. We need definitely need to pick one
solution only."

I do not share these concerns, as there are e.g. mysql and mariadb 
happily coexisting, but then again, I'm not on the security team.

But should they decide that it will not be possible to support both 
packages for security updates, your argumentation would clearly favor 
ffmpeg over libav, probably leading to the removal of libav from the 
archive.
From my point of view this would be wrong, as I think the users and 
developers should decide for themselves, which package they want to use, 
and preventing one from being distributed in Debian only produces a 
great amount of dissatisfaction and unhappiness among the users and 
developers.

> > I think this package is ready for upload, but I'm neither DD nor DM, so
> > I can't do this.
>
> I would be hesistant in doing so, considering the controversy, but if we
> reach consensus here, i'd be happy to sponsor it.

As I understand it, the whole controversy here was about a conflict 
between FFmpeg and libav due to having the same sonames. My packaging 
avoids this, so the only remaining issue raised so far is the security 
teams concern.

But if you have some time to review my packaging, I would be grateful 
for any comments/improvements.

Best regards,
Andreas


1: https://lists.debian.org/debian-devel/2014/02/msg00668.html