Hi Didier,
On 31.07.2014 22:36, Didier 'OdyX' Raboud wrote:
Le jeudi, 31 juillet 2014, 22.19:28 Pau Garcia i Quiles a écrit :
How is it better to have libav, which does a lot less security
bugfixing, in?
Our security team has to prepare the libav updates over the lifetime of
wheezy anyway.
As far as I know, both the updates for Libav and FFmpeg are prepared by
their respective upstreams, then integrated into the Debian packages by
the respective maintainers and only then comes work for the security
team in reviewing the patches and writing a DSA.
Introducing ffmpeg in jessie (with or without dropping
libav) means (at least) duplicating that work.
Since all the updates for Libav are merged by FFmpeg, it's not really
duplicated work. At least in theory only the additional fixes of FFmpeg
would have to be reviewed additionally.
Best regards,
Andreas
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53dab016.2020...@googlemail.com
