Re: Select provider of libav* libraries

2015-05-18 Thread Alessio Treglia
Ciao Alessandro, and thanks for sharing your thoughts, it's genuinely appreciated. On Mon, May 18, 2015 at 1:26 PM, Alessandro Ghedini gh...@debian.org wrote: And it's already clear that libav just doesn't provide enough security coverage, Can you please elaborate? AFAICS the versions in

Re: Select provider of libav* libraries

2015-05-18 Thread Jonas Smedegaard
Quoting Alessandro Ghedini (2015-05-18 14:33:18) On Mon, May 18, 2015 at 11:15:04AM +0200, Jonas Smedegaard wrote: There are multiple ways to handle packages unsuitable for long-term maintenance: * Treat as experimental - e.g. mpv How is mpv unsuitable for long-term maintainance? Oh, I

Re: Select provider of libav* libraries

2015-05-18 Thread Bálint Réczey
Hi Reinhard, 2015-05-18 12:16 GMT+02:00 Reinhard Tartler siret...@gmail.com: ... These days, FFmpeg for sure asks for most (if not all) CVE numbers recently assigned, and claims to provide patches for them. FFmpeg not only claims to provide patches, but actually does provide them:

Re: Select provider of libav* libraries

2015-05-18 Thread Alessandro Ghedini
On Sun, May 17, 2015 at 10:53:37PM +0200, Jonas Smedegaard wrote: Quoting Alessandro Ghedini (2015-05-17 21:58:15) The issues mentioned in the page were hardly wide ranging. One was about the fact that libav doesn't implement some video filters, which forces mpv to carry its own

Re: Request to Join Project Debian Multimedia Maintainers from Fabian Greffrath (fabian)

2015-05-18 Thread Bálint Réczey
2015-05-18 14:29 GMT+02:00 Felipe Sateler fsate...@debian.org: On 18 May 2015 at 05:55, IOhannes m zmölnig (Debian/GNU) umlae...@debian.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2015-05-18 10:04, nore...@alioth.debian.org wrote: Joining with my fab...@debian.org

Re: Select provider of libav* libraries

2015-05-18 Thread Alessandro Ghedini
On Mon, May 18, 2015 at 11:15:04AM +0200, Jonas Smedegaard wrote: There are multiple ways to handle packages unsuitable for long-term maintenance: * Treat as experimental - e.g. mpv How is mpv unsuitable for long-term maintainance? * Have security team treat as too unreliable - e.g.

Re: Select provider of libav* libraries

2015-05-18 Thread Alessandro Ghedini
On lun, mag 18, 2015 at 01:47:25 +0100, Alessio Treglia wrote: Ciao Alessandro, and thanks for sharing your thoughts, it's genuinely appreciated. On Mon, May 18, 2015 at 1:26 PM, Alessandro Ghedini gh...@debian.org wrote: And it's already clear that libav just doesn't provide enough

Re: Select provider of libav* libraries

2015-05-18 Thread Jonas Smedegaard
Quoting Dmitry Smirnov (2015-05-17 03:28:28) I also found an interesting comparison where mpv upstream shares their assessment of the problem: https://web.archive.org/web/20150115005029/https://github.com/mpv-player/mpv/wiki/FFmpeg-versus-Libav Quoting Alessandro Ghedini (2015-05-18

Processed: tagging 785141

2015-05-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: tags 785141 + unreproducible Bug #785141 [inkscape] inkscape crashes when opening any files if there are strange items in the recent files list Added tag(s) unreproducible. thanks Stopping processing here. Please contact me if you need

Bug#758986: marked as done (inkscape: Inkscape crashes printing to Postscript from the command line)

2015-05-18 Thread Debian Bug Tracking System
Your message dated Mon, 18 May 2015 18:21:15 +0200 with message-id 20150518162115.GA5886@localhost and subject line Re: Fixed upstream in 0.91 has caused the Debian Bug report #758986, regarding inkscape: Inkscape crashes printing to Postscript from the command line to be marked as done. This

Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

2015-05-18 Thread Alessandro Ghedini
On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On

Re: Select provider of libav* libraries

2015-05-18 Thread Bálint Réczey
2015-05-18 17:50 GMT+02:00 Jonas Smedegaard d...@jones.dk: ... and I don't really understand why you are asking for explanation. I thought is was obvious from above that I merely bounced a question asked by Alessandro back to himself. I suggest stopping that. Define how you quantify long-term

Re: Select provider of libav* libraries

2015-05-18 Thread Jonas Smedegaard
Quoting Bálint Réczey (2015-05-18 16:59:34) 2015-05-18 16:45 GMT+02:00 Jonas Smedegaard d...@jones.dk: Quoting Alessandro Ghedini (2015-05-18 14:33:18) On Mon, May 18, 2015 at 11:15:04AM +0200, Jonas Smedegaard wrote: There are multiple ways to handle packages unsuitable for long-term

Processed: severity of 785141 is normal

2015-05-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: severity 785141 normal Bug #785141 [inkscape] inkscape crashes when opening any files if there are strange items in the recent files list Severity set to 'normal' from 'important' thanks Stopping processing here. Please contact me if you need

Bug#731973: marked as done (inkscape presumably built against pre-stable libraries)

2015-05-18 Thread Debian Bug Tracking System
Your message dated Mon, 18 May 2015 18:39:09 +0200 with message-id 20150518163909.GA7476@localhost and subject line Re: inkscape presumably built against pre-stable libraries has caused the Debian Bug report #731973, regarding inkscape presumably built against pre-stable libraries to be marked as

Re: [SCM] multimedia-blends/master: Fix errors from log add first RFP starting with H

2015-05-18 Thread Felipe Sateler
On 18 May 2015 at 15:49, ross-gu...@users.alioth.debian.org wrote: The following commit has been merged in the master branch: commit 0c491f273939fc71808989727f71351be3893661 Author: Ross Gammon rossgam...@mail.dk Date: Mon May 18 20:48:23 2015 +0200 Fix errors from log add first RFP

Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

2015-05-18 Thread Sebastian Ramacher
On 2015-05-18 20:01:47, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian

Re: Select provider of libav* libraries

2015-05-18 Thread Andreas Cadhalpun
Hi Reinhard, On 18.05.2015 12:16, Reinhard Tartler wrote: Please excuse my previous unfinished reply, it was sent in accident. No problem, such things can happen. I'm not sure if this post really adds to this discussion, please consider it as clarifications to my previous post. I find it

Bug#785650: mpv will not launch

2015-05-18 Thread Norman Ramsey
Package: mpv Version: 0.6.2-2 Severity: grave Justification: renders package unusable Dear Maintainer, * What led up to the situation? I wanted to play a video. * What exactly did you do (or not do) that was effective (or ineffective)? At a shell prompt, I typed /usr/bin/mpv

ffms2_2.21-1_amd64.changes is NEW

2015-05-18 Thread Debian FTP Masters
binary:libffms2-4 is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the

Processing of ffms2_2.21-1_amd64.changes

2015-05-18 Thread Debian FTP Masters
ffms2_2.21-1_amd64.changes uploaded successfully to localhost along with the files: ffms2_2.21-1.dsc ffms2_2.21.orig.tar.gz ffms2_2.21-1.debian.tar.xz ffmsindex_2.21-1_amd64.deb libffms2-4_2.21-1_amd64.deb libffms2-dev_2.21-1_amd64.deb Greetings, Your Debian queue daemon

Re: [SCM] multimedia-blends/master: Fix errors from log add first RFP starting with H

2015-05-18 Thread Ross Gammon
On 05/18/2015 08:52 PM, Felipe Sateler wrote: On 18 May 2015 at 15:49, ross-gu...@users.alioth.debian.org wrote: The following commit has been merged in the master branch: commit 0c491f273939fc71808989727f71351be3893661 Author: Ross Gammon rossgam...@mail.dk Date: Mon May 18 20:48:23 2015

Re: [SCM] multimedia-blends/master: Fix errors from log add first RFP starting with H

2015-05-18 Thread Ross Gammon
On 05/18/2015 09:38 PM, Ross Gammon wrote: On 05/18/2015 08:52 PM, Felipe Sateler wrote: On 18 May 2015 at 15:49, ross-gu...@users.alioth.debian.org wrote: The following commit has been merged in the master branch: commit 0c491f273939fc71808989727f71351be3893661 Author: Ross Gammon

Re: Select provider of libav* libraries

2015-05-18 Thread Reinhard Tartler
On May 15, 2015 4:56 PM, Andreas Cadhalpun andreas.cadhal...@googlemail.com wrote: Hi Reinhard, thanks for explaining your point of view here. On 15.05.2015 09:23, Reinhard Tartler wrote: Thanks for this insightful post, Dmitry, On Mon, May 11, 2015 at 5:44 AM, Dmitry Smirnov

Re: Request to Join Project Debian Multimedia Maintainers from Fabian Greffrath (fabian)

2015-05-18 Thread Debian/GNU
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2015-05-18 10:04, nore...@alioth.debian.org wrote: Joining with my fab...@debian.org account. congratulations fabian, for becoming a DD! fgmsdr IOhannes -BEGIN PGP SIGNATURE- Version: GnuPG v2

Re: Select provider of libav* libraries

2015-05-18 Thread Jonas Smedegaard
Quoting IOhannes m zmölnig (Debian/GNU) (2015-05-18 09:36:51) On 2015-05-17 22:53, Jonas Smedegaard wrote: I use bleeding edge tools for some of my own work. And I use FFmpeg for some of that. But I will continue to use bleeding edge tools for that work - which renders it irrelevant for

Re: Select provider of libav* libraries

2015-05-18 Thread Reinhard Tartler
Please excuse my previous unfinished reply, it was sent in accident. I'm not sure if this post really adds to this discussion, please consider it as clarifications to my previous post. On May 15, 2015 4:56 PM, Andreas Cadhalpun I think security is not a decisive topic where either project

Processed: your mail

2015-05-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: # bugs with submitter fab...@greffrath.com submitter 692141 ! Bug #692141 {Done: Andreas Henriksson andr...@fatal.se} [gnome-menus] gnome-menus: Please black-list that Imagemagick (display) icon Changed Bug submitter to 'fab...@debian.org' from