1 |
On Wed, 16 Jan 2013 21:39:04 +0100 |
2 |
Luca Barbato <lu_zero@g.o> wrote: |
3 |
|
4 |
> On 16/01/13 21:09, Alexis Ballier wrote: |
5 |
> > More seriously: Why ? Who decided this ? |
6 |
> |
7 |
> I never pushed my weight over it before since as you are involved in |
8 |
> FFmpeg directly, I am involved in Libav directly. |
9 |
|
10 |
I don't know what you mean by involved directly, but ffmpeg happens to |
11 |
be what I use and care about, hence I have a couple of commits there |
12 |
but their number is quite ridiculous in comparison. [Actually, I should |
13 |
be honored that you compare my involvement with yours :)] |
14 |
|
15 |
> Thus anything I say on this topic has a clear bias. Same goes for you. |
16 |
|
17 |
... but I admit I have some bias, however, I'm rather a consumer than a |
18 |
developer when it comes to ffmpeg and believe we need to think as |
19 |
consumers as a downstream distro. |
20 |
|
21 |
> Tomas is not related to libav beside one of his core project using it |
22 |
> by transition, so I would expect him to be less biased than us. |
23 |
> |
24 |
> > Let's be realistic, both upstreams claim they're better than the |
25 |
> > other in one way or another, and let's think like serious |
26 |
> > downstreams, not like upstream playground. |
27 |
> |
28 |
> VLC uses it since ffmpeg doesn't work with rtmp properly last time |
29 |
> they checked and other interesting situations. |
30 |
|
31 |
interesting, did they report it? OTOH, they switched _after_ the 2.0.5 |
32 |
release which happens to be the latest one. Since vlc is probably the |
33 |
ffmpeg/libav interface the most popular in the world (due to their |
34 |
windows and mac builds), I'd like to see an actual release with it and |
35 |
see if there is any regression before claiming they use libav. |
36 |
|
37 |
> gst-ffmpeg/gst-libav works only with libav as per upstream desire |
38 |
> (thus the rename) |
39 |
|
40 |
you mean use libav internally? because 'per upstream desire' |
41 |
gst-ffmpeg or gst-libav always only worked with the internal libs :) |
42 |
it also appears to build and work fine with ffmpeg-0.10 |
43 |
|
44 |
> ubuntu and debian just use Libav. |
45 |
|
46 |
Speaking about bias, the maintainer happens to be part of libav core |
47 |
developers and was even part of what is known as the 'ffmpeg coup' :) |
48 |
|
49 |
> > As a downstream, I can see plenty of reasons against, but none in |
50 |
> > favor of this change: |
51 |
> > - There are still a couple of non-trivial packages that need to be |
52 |
> > fixed to work with libav while I don't know any that works with |
53 |
> > libav but not ffmpeg. |
54 |
> |
55 |
> See above for the other way round. |
56 |
|
57 |
None of what you cited is a problem for a downstream distribution, |
58 |
except maybe vlc+rtmp which should be fixed regardless. |
59 |
xbmc and mplayer did not build last time I tried. xbmc will be a pain |
60 |
because it uses some libavfilter features not in libav. |
61 |
|
62 |
> > - All (but the one discovered in Nov. 2012) of the security issues |
63 |
> > fixed by libav 0.8.5, released on Jan. 13 2013 were fixed in May |
64 |
> > 2012 (!!) for ffmpeg according to the website... 8 months before... |
65 |
> |
66 |
> The security game is fun. Given the number of "additional features" |
67 |
> the surface impact is bigger in FFmpeg and currently all but one of |
68 |
> the bugs claimed as security issues originate from the same guy he |
69 |
> claim to fix them (sometimes the fix doesn't address the underlying |
70 |
> issue but just _that_ specific sample). |
71 |
|
72 |
I don't want to verify this and will trust you there, but I still |
73 |
don't consider 8 months to be a correct delay for handling a published |
74 |
vulnerability, whatever its origin may be. |
75 |
|
76 |
> I'd rather avoid having another mud sliding contest. |
77 |
> |
78 |
> I stopped caring about FFmpeg since somebody gave a sample of his |
79 |
> humor wishing my death. |
80 |
|
81 |
This is getting personal :) I'm sure the fork didn't happen because |
82 |
some day some devs woke up angry because they didn't have had their |
83 |
coffee. However, I'm also sure the fork is a pain for downstream |
84 |
distros and a lot of upstreams. |
85 |
|
86 |
Alexis. |