Le dimanche 18 juillet 2010 12:00:47 Reinhard Tartler, vous avez écrit :
> >> So this piece of information is pretty useless for identifying
> >> missing changes in 0.8.x.
> > 
> > That's not my problem (anymore). We have made about twenty releases, from
> > four different branches since Debian Stable has last updated. The
> > VideoLAN does not have the resources to maintain four branches at a
> > time. But, in fact, that is irrelevant because Debian does _not_ follow
> > our updates anyway. Otherwise they would at least have 0.8.6i. So
> > keeping the 0.8-bugfix branch alive would have been a pure waste of
> > time.
> 
> TBH, I was totally unaware of the 0.8.6i release and about its changes.
> I've just taken a look at its gitweb:
> 
> http://git.videolan.org/?p=vlc/vlc-0.8.git;a=shortlog;h=refs/tags/0.8.6i
> 
> To me, it indeed seems to be a good idea to upload this either to
> lenny-security or lenny-proposed.

It would have been a good idea two years ago. Now is a bit late. I doubt 
anyone will ever feel so bored that (s)he would go throug the thousands of 
changes from 0.8.6i to 1.1.0 to extract the security-relevant or whatever 
applicable fixes.

> > I am not aware of any entity (in general) following any of the older
> > branches, 0.8, 0.9 and 1.0. I only know:
> > - entities not updating (at all), and
> > - entities following the very latest version.
> > And indeed, polls for interested parties in maintaining each of the older
> > branches have all been left without answers this far.
> 
> I'm not aware of neither these changes you're talking about, nor about
> these polls. What, in your opinion, should the pkg-multimedia team, or
> if you prefer, Debian as a project, have done to be aware of those
> changes and the polls?

Don't you already have people reading vlc-devel?

> > Canonical puts VLC in universe, wash their hands as far support is
> > concerned. But Debian pretends to support VLC except it does not.
> 
> The bottom line in both distros is the same: For both distros,
> maintaining vlc is a community effort, and in both cases, we face the
> similar symptoms. My hypothesis is in both cases that maintaining vlc
> properly is too hard.

The VideoLAN project maintains VLC properly as a pure community effort. 
Contrary to Ubuntu or even indirectly Debian, we have no sponsored staff.

Maintaining a fork of VLC, and in fact, the whole Linux ecosystem, has got to 
be "too hard". I doubt a dedicated "stable security team" can ever support a 
stable system for years with as many thousands packages as Debian has. If it 
were up to me, I'd decree the respective package maintainers are responsible 
for (most of the work of) stable updates.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
http://fi.linkedin.com/in/remidenis

_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to