On Di, Apr 06, 2010 at 07:45:18 (CEST), Michael Gilbert wrote:

> On Tue, 06 Apr 2010 07:32:36 +0200 Reinhard Tartler wrote:
>> On Tue, Apr 06, 2010 at 06:33:12 (CEST), Michael Gilbert wrote:
>> > fyi, i've just tested upstream mplayer svn 20100405. it does not crash
>> > with lol-mplayer.mpg.  on the other hand, the currently packaged
>> > version, svn 20090405, still crashes.  does it make sense to upgrade to
>> > a newer upstream version? thanks.
>> The newer mplayer won't work with our system ffmpeg, so we would need to
>> compile in ffmpeg statically? Would this be acceptable for the security
>> team? I suppose not.
> not likely.  is it because mplayer uses an old/incompatible ffmpeg?
> could you convince them to keep in sync?

mplayer includes various FFmpeg components via svn:externals, so FFmpeg
is always kept in sync by definition. Splitting FFmpeg apart is not
easy, as various parts of mplayer use internals of FFmpeg. This whole
dynamic linking only works at all because I personally make sure that
mplayer's copy of FFmpeg is kept in sync with debian's system FFmpeg.

>> Moreover, ftp-master blocks any work on mplayer. If you could talk to
>> someone to get mplayer out of (binary) NEW, that would allow me to work
>> again on the package.
> i had no idea.  what do they disapprove about the package?  i suppose i
> could send a message indicating that some action really needs to be
> taken since this issue does have security relevance.

I'd appreciate that. And feel free to copy leader@

Reinhard Tartler, KeyID 945348A4

pkg-multimedia-maintainers mailing list

Reply via email to