On 26.11.2011 16:47, Thomas Backlund wrote:
> 26.11.2011 16:15, Anssi Hannula wrote:
>> On 26.11.2011 09:54, zezinho wrote:
>>> On Saturday 26 November 2011 02:31:43, Anssi Hannula wrote:
>>>> About 75% of the crash issues fixed by the above 0.7 commits affect
>>>> mga1 0.6.x, with a sample size of 70 commits.
>>>
>>> So maybe we should consider ffmpeg as Firefox : a software we must
>>> upgrade because upstream fixes security only in latest version.
>>
>> Unfortunately FFmpeg is much less 'stable' than firefox in both its
>> dependencies and API across different series. Meaning that upgrade of
>> FFmpeg often requires upgrade of libx264 (like in 0.6->0.7), or requires
>> changes in software that uses FFmpeg (0.6->0.7 doesn't, however).
>>
>> The "easy" way out in this case could be upgrading FFmpeg 0.6->0.7 and
>> x264 and doing extensive Q&A to avoid breakage. The "hard" way is
>> backporting the ~200 relevant patches (most of which don't apply
>> automatically).
>>
>
> And you don't think upgrading to a new ffmpeg will bring new bugs and
> need for new fixes...

Hence the quotes around "easy" and "hard".

> We don't even have BR about those bugs in our bugzilla, so apparently
> they are not that important or not easy to hit.
>
>
> The real easy way is: just apply the 5 security fixes and be done with it.
>
>
> https://wiki.mageia.org/en/Updates_policy
> "For the most part, an update should consist of a patched build of the
> same version of the package released with the distribution"
>
>
> If we start the "look at upstream, there are X number of fixes not in
> our package", where does it end ??
>
> We will soon have to do it for every package, and that is Cauldron or a
> rolling release, not really a stable release.

Obviously only security fixes are relevant.

> And we don't have the manpower in QA to start an updating frenzy like this.
>
> The point is simple: software _always_ has bugs. That's a fact.
>
> upgrading from one version to another does not only "fix bugs",
> it's also "replacing old bugs" with "new ones"

(BTW, I wasn't advocating upgrading FFmpeg 0.6->0.7, though admittedly my
post was badly worded so it might've looked like I was)

--
Anssi Hannula