mavit wrote: > Fletch;241739 Wrote: >> Yeah, I figured since I got burned with an old version of flac, it could >> happen with sox too. mysql-server is the only dependency. > > This doesn't sound like a good approach to me. You're bundling flac > 1.1.1, presumably without the security fixes included in 'flac 1.2.1' > (http://flac.sourceforge.net/changelog.html#flac_1_2_1). Even if you > include flac 1.2.1, we can't expect you to respond to any future > problems as quickly as the distribution vendor.
Actually, it's not as simple as that. The latest flac available on Fedora 7 is 1.1.2. 1.2.1 is available on Fedora 8, but that's only just been released. I'm sure it's a similar story for other distributions. The problem arises when various other software is built against the flac libraries. Upgrading to 1.2.1 (or whatever) would require the rebuilding of all those other packages too. R. _______________________________________________ beta mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/beta
