[FFmpeg-devel] Reintroducing FFmpeg to Debian
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Mon Aug 18 13:39:37 CEST 2014
Hi Thomas,
On 18.08.2014 08:36, Thomas Goirand wrote:
> There's been a very well commented technical reason stated here: the
> release team don't want to deal with 2 of the same library that are
> doing (nearly) the same things, with potentially the same security
> issues that we'd have to fix twice rather than once.
Why is it a security problem to have FFmpeg and Libav, but apparently no
problem to have MySQL, MariaDB and PerconaDB?
This seems quite arbitrary to me, especially since there have been
already 36 CVEs in 2014 for MySQL [1], of which 26 apparently are also
relevant for MariaDB [2] and PerconaDB [3], but only 7 for FFmpeg [4]
and 8 for Libav [5] in the same time.
Best regards,
Andreas
1: https://security-tracker.debian.org/tracker/source-package/mysql-5.5
2: https://security-tracker.debian.org/tracker/source-package/mariadb-5.5
3:
https://security-tracker.debian.org/tracker/source-package/percona-xtradb-cluster-5.5
4: https://security-tracker.debian.org/tracker/source-package/ffmpeg
5: https://security-tracker.debian.org/tracker/source-package/libav
More information about the ffmpeg-devel
mailing list