[gst-devel] [gst-cvs] thomasvs gst-ffmpeg: gst-ffmpeg/ gst-ffmpeg/ext/ffmpeg/

Loïc Minier lool+sf at via.ecp.fr
Wed Feb 14 10:16:07 CET 2007

On Tue, Feb 13, 2007, Ronald S. Bultje wrote:
> I don't know what you guys smoke, but don't do this, it's a bad idea  
> [tm].

 I am aware of the consensus against such a practice among the GStreamer
 developers, but you have to take into account the load in case of
 security fixes for distributions as well.

 I'm not in favor for such a split in gst-ffmpeg which is very special
 in the way it intereacts with ffmpeg, but I think it is needed for most
 software building against ffmpeg such as mplayer, vlc, or xine-lib.
 gst-ffmpeg is special in that it maps higher level concepts to the
 "simple" concepts exposed in the ffmpeg API, and hence it really needs
 an up-to-date mapping between the two, so I think it warrants an
 exception. (Oh well, you know all this.)

 Nevertheless, you'll see Debian switch gst-ffmpeg to the system ffmpeg
 in the next Debian release due to pressure to 1) include support for
 codecs of the system's ffmpeg in gst-ffmpeg and 2) avoid the code
 duplication (security team).

 Request of the security team to drop gst-ffmpeg (0.8) due to embedded

 Request to the technical comittee to rule for a system linking for the
 etch timeframe:
 (Result will likely be: not possible in the etch timeframe, must be
 implemented for lenny.)

 [ See <http://lists.debian.org/debian-devel/2006/12/threads.html#00138>
 for background (the thread was about the removal of GStreamer 0.8 but
 was hijacked by Josselin <http://np237.livejournal.com/11895.html> who
 wanted h264 and wmv9 support
 <http://lists.debian.org/debian-devel/2006/12/msg00140.html>). ]

 Sample painful handling of ffmpeg security issues; 6 uploads for the
 same two vulnerabilities; gst-ffmpeg:

 No, it's not funny, yes I would rather prefer shipping a tested
 gst-ffmpeg, but you can bet it wont be the case in Debian lenny.

Loïc Minier <lool at dooz.org>

More information about the gstreamer-devel mailing list