On Tue, 5 Jul 2022 10:13:20 +0200 Sebastian Ramacher <sramac...@debian.org> wrote:
> > > Reverse dependencies had 4 months to fix their bugs, so I'm going
> > > ahead with this one.
> >
> > Not even close to enough time for all affected upstream teams.
>
> The 4 months only reflects the Debian timeline. If upstreams are not
> able to track the constant changes in ffmpeg's API, please propose to
> them to switch to higher level abstractions such as ffms2 or gstreamer.

Certainly one can propose. However, one cannot really expect upstream to change their architecture away from ffmpeg by a given time any more than one can expect them to adapt to an ffmpeg ABI break in that time.

> > Debian has GTK3 and GTK4, Qt5 and Qt6 etc., it's not ideal and it is a
> > lot of work but it may be necessary to have libavcodec4-dev and
> > libavcodec-dev with a new source package ffmpeg4 alongside ffmpeg.
>
> ffmpeg has a bad history of security issues including RCEs.

That's a fair observation, and one that deserves to be taken into consideration.

Another observation: the ffmpeg hard transition means that some packages will either be removed or seriously degraded -- as one example, digikam has lost the ability to process video over this [1].

I think that overall usability of the distribution is an important consideration in making design choices. Certainly one doesn't want a distribution riddled with security issues; nor does one want functionality removed. So the question is really one of balance.

If ffmpeg 4 and 5 are both offered, with packages strongly encouraged to migrate: the distribution overall has improved security stance AND it retains more functionality.

-Steve

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004769