Hi Thomas,
On 18.08.2014 08:36, Thomas Goirand wrote:
There's been a very well commented technical reason stated here: the
release team don't want to deal with 2 of the same library that are
doing (nearly) the same things, with potentially the same security
issues that we'd have to fix twice rather than once.
Why is it a security problem to have FFmpeg and Libav, but apparently no
problem to have MySQL, MariaDB and PerconaDB?
This seems quite arbitrary to me, especially since there have been
already 36 CVEs in 2014 for MySQL [1], of which 26 apparently are also
relevant for MariaDB [2] and PerconaDB [3], but only 7 for FFmpeg [4]
and 8 for Libav [5] in the same time.
Best regards,
Andreas
1: https://security-tracker.debian.org/tracker/source-package/mysql-5.5
2: https://security-tracker.debian.org/tracker/source-package/mariadb-5.5
3:
https://security-tracker.debian.org/tracker/source-package/percona-xtradb-cluster-5.5
4: https://security-tracker.debian.org/tracker/source-package/ffmpeg
5: https://security-tracker.debian.org/tracker/source-package/libav
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53f1e5f9.4030...@googlemail.com
