Control: owner -1 !Control: retitle -1 ITP: ffmpeg -- complete, cross-platform solution to record, convert and stream audio and video
Hi all,I intend to package and maintain FFmpeg for Debian. Co-maintainers are welcome.
The security team is invited to discuss why FFmpeg is security-wise better than libav at any time.
Should someone disagree, I would be very interested in an explanation of the current state of the security tracker for libav [1], as *all* issues currently marked as open for libav are CVEs issued by FFmpeg about problems they fixed [2]. One, CVE-2011-3935, is even several years old *and* fixed for the FFmpeg in old-stable! I don't know whether to laugh or cry.
As stated previously, I don't have a problem with having both FFmpeg and libav in Debian, but if the security has, I suggest convincing the relevant maintainers to transition from libav to FFmpeg.
Now, as a way forward, I suggest an upload of FFmpeg to experimental first. Since gcc-4.9 is broken, the test results have to be ignored for this upload (make -i check) to allow FFmpeg to build. This should show if there are any problems with building on some architectures. When these are fixed (if any) FFmpeg can be uploaded to unstable.
Antoine, are you willing to sponsor this, maybe becoming a co-maintainer?Rogério, it would be great if you could package libvidstab for jessie. I think many people would like to use it.
In the not too far future, the long term supported FFmpeg 2.2 will be released, which I intend to get into jessie.
Comments and suggestions are welcome, FUD about FFmpeg is not. Best regards, Andreas 1: https://security-tracker.debian.org/tracker/source-package/libav 2: https://ffmpeg.org/security.html
Attachment:
ffmpeg_2.1.3-1.debian.tar.xz
Description: Binary data