Package: tech-ctte Severity: normal Hi,
I kindly ask the Technical Committee to rule on the gstreamer0.10-ffmpeg case. The gstreamer0.10-ffmpeg package includes its own private ffmpeg copy and is built against it. Upstream's rationale is that ffmpeg's API and ABI aren't stable and that they need a frozen version. Linking to another ffmpeg version often requires changes to the code and means the software cannot be as widely tested as the upstream version. However, the multiple copies of ffmpeg in the archive have been responsible for a security nightmare during the sarge stable cycle. The security team has asked to replace all such private copies by dynamic linking to the debian ffmpeg packages. For example, this is holding mplayer out of etch. As I explained in the following thread: http://lists.debian.org/debian-devel/2006/12/msg00138.html linking to this ffmpeg version is not very complicated, and I asked the maintainers to migrate to it before the etch release. I submitted bug #402090 which contains a clean patch that I'm also in the process to make accepted upstream. However the maintainer does not want any such change before the release, and it turned out soon that we would not come to an agreement on this matter. Which is why I'm forwarding this issue to the Technical Committee. Regards, -- Josselin Mouette /\./\ "Do you have any more insane proposals for me?" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]