On Sat, Dec 03, 2011 at 02:01:34PM +0000, Manuel A. Fernandez Montecelo wrote:
> I was thinking about disabling the in-source use of timidity in
> SDL_mixer, mostly because it's an in-source copy of the code (which
> can make SDL_mixer and programs using it exploitable). However I
> don't know if this is possible, I don't know much about MIDI, and just
> took over maintenance of this package. Can you help me to make some
> informed decision?

Greetings. First, thank you for taking over SDL_mixer!

Now, about timidity and MIDI music. Of course the version of timidity embedded in SDL_mixer is very old (before it was forked off into timidity++) because of licensing conflicts, and bug reports like this one have been because of its bugs and shortcomings. I don't know about any security holes in the old version of timidity, though -- are there any security alerts posted anywhere?

Unfortunately, native_midi_gpl isn't very flexible. It hits the hardware (GUS, AWE, FM or OPL3) directly, which isn't very clean or compatible. So I'd recommend leaving timidity enabled even if native_midi_gpl is enabled, just from a usability perspective.