[Spice-devel] [PATCH] make celt to be optional

Marc-André Lureau marcandre.lureau at gmail.com
Tue Jun 12 09:30:36 PDT 2012 

Hi

On Tue, Jun 12, 2012 at 5:35 PM, Ron <ron at debian.org> wrote:
> The bitstream has been frozen for just a tad under a year now.

I don't know how you can claim that: http://www.opus-codec.org/downloads/

The bit-stream has not changed, except for some corner cases that are
unlikely to happen in the real world.
[   ] opus-0.9.9.tar.gz                                  18-Feb-2012
16:20  710K

If it is, can you point to an official release note stating it clearly
"bitstream is frozen" or compatible with any further release?

> The API is frozen.
>
> The working group and IETF last calls are over.
>
> The IESG telecon has been held and has approved passing this.
>
> The only thing we're effectively waiting on before the RFC is officially
> published now is for this to pass through -editors.  And they aren't going
> to edit anything that changes the API or bitstream.
>
> Fedora is shipping Opus packages now, as is Debian.

This is not helping, we have implementations not really frozen.

> So if say, a later version of celt was found to have issues, which were
> fixed in that later version, and which led normally very reliable upstream
> developers to suggest that at least some earlier versions may be at risk
> of being crashed remotely ...  then what would you do?
>
> Given that nobody is working on celt *at all* anymore, and there are no
> simple patches being produced for this that you can Just Apply to it, how
> exactly would you plan to "certainly update it"?  Since the only "certain"
> update is not bitstream compatible with the celt you currently use.

We would make a release, just like there has been several 0.5.1 releases:
http://downloads.us.xiph.org/releases/celt/celt-0.5.1.tar.gz vs
http://downloads.us.xiph.org/releases/celt/celt-0.5.1.3.tar.gz

Since no releases happened recently, I assume no security issues are known.
As I said, it would be quite critical for the Spice project to rely on a celt
release with security issues. As long as spice support 0.5.1 (which is likely
for a long time still) there will be new releases or fix when necessary.

> I'm not suggesting you need to panic and do anything silly.  But the time
> to start addressing the real future of this _is_ now.

It will be when there is an official and clear announcement that the opus
library implementation has frozen bit-stream (or any further release will be
bit-stream compatible)

-- 
Marc-André Lureau

More information about the Spice-devel mailing list