| 1 |
On Wed, 16 Jan 2013 21:39:04 +0100 |
| 2 |
Luca Barbato <lu_zero@g.o> wrote: |
| 3 |
|
| 4 |
> On 16/01/13 21:09, Alexis Ballier wrote: |
| 5 |
> > More seriously: Why ? Who decided this ? |
| 6 |
> |
| 7 |
> I never pushed my weight over it before since as you are involved in |
| 8 |
> FFmpeg directly, I am involved in Libav directly. |
| 9 |
|
| 10 |
I don't know what you mean by involved directly, but ffmpeg happens to |
| 11 |
be what I use and care about, hence I have a couple of commits there |
| 12 |
but their number is quite ridiculous in comparison. [Actually, I should |
| 13 |
be honored that you compare my involvement with yours :)] |
| 14 |
|
| 15 |
> Thus anything I say on this topic has a clear bias. Same goes for you. |
| 16 |
|
| 17 |
... but I admit I have some bias, however, I'm rather a consumer than a |
| 18 |
developer when it comes to ffmpeg and believe we need to think as |
| 19 |
consumers as a downstream distro. |
| 20 |
|
| 21 |
> Tomas is not related to libav beside one of his core project using it |
| 22 |
> by transition, so I would expect him to be less biased than us. |
| 23 |
> |
| 24 |
> > Let's be realistic, both upstreams claim they're better than the |
| 25 |
> > other in one way or another, and let's think like serious |
| 26 |
> > downstreams, not like upstream playground. |
| 27 |
> |
| 28 |
> VLC uses it since ffmpeg doesn't work with rtmp properly last time |
| 29 |
> they checked and other interesting situations. |
| 30 |
|
| 31 |
interesting, did they report it? OTOH, they switched _after_ the 2.0.5 |
| 32 |
release which happens to be the latest one. Since vlc is probably the |
| 33 |
ffmpeg/libav interface the most popular in the world (due to their |
| 34 |
windows and mac builds), I'd like to see an actual release with it and |
| 35 |
see if there is any regression before claiming they use libav. |
| 36 |
|
| 37 |
> gst-ffmpeg/gst-libav works only with libav as per upstream desire |
| 38 |
> (thus the rename) |
| 39 |
|
| 40 |
you mean use libav internally? because 'per upstream desire' |
| 41 |
gst-ffmpeg or gst-libav always only worked with the internal libs :) |
| 42 |
it also appears to build and work fine with ffmpeg-0.10 |
| 43 |
|
| 44 |
> ubuntu and debian just use Libav. |
| 45 |
|
| 46 |
Speaking about bias, the maintainer happens to be part of libav core |
| 47 |
developers and was even part of what is known as the 'ffmpeg coup' :) |
| 48 |
|
| 49 |
> > As a downstream, I can see plenty of reasons against, but none in |
| 50 |
> > favor of this change: |
| 51 |
> > - There are still a couple of non-trivial packages that need to be |
| 52 |
> > fixed to work with libav while I don't know any that works with |
| 53 |
> > libav but not ffmpeg. |
| 54 |
> |
| 55 |
> See above for the other way round. |
| 56 |
|
| 57 |
None of what you cited is a problem for a downstream distribution, |
| 58 |
except maybe vlc+rtmp which should be fixed regardless. |
| 59 |
xbmc and mplayer did not build last time I tried. xbmc will be a pain |
| 60 |
because it uses some libavfilter features not in libav. |
| 61 |
|
| 62 |
> > - All (but the one discovered in Nov. 2012) of the security issues |
| 63 |
> > fixed by libav 0.8.5, released on Jan. 13 2013 were fixed in May |
| 64 |
> > 2012 (!!) for ffmpeg according to the website... 8 months before... |
| 65 |
> |
| 66 |
> The security game is fun. Given the number of "additional features" |
| 67 |
> the surface impact is bigger in FFmpeg and currently all but one of |
| 68 |
> the bugs claimed as security issues originate from the same guy he |
| 69 |
> claim to fix them (sometimes the fix doesn't address the underlying |
| 70 |
> issue but just _that_ specific sample). |
| 71 |
|
| 72 |
I don't want to verify this and will trust you there, but I still |
| 73 |
don't consider 8 months to be a correct delay for handling a published |
| 74 |
vulnerability, whatever its origin may be. |
| 75 |
|
| 76 |
> I'd rather avoid having another mud sliding contest. |
| 77 |
> |
| 78 |
> I stopped caring about FFmpeg since somebody gave a sample of his |
| 79 |
> humor wishing my death. |
| 80 |
|
| 81 |
This is getting personal :) I'm sure the fork didn't happen because |
| 82 |
some day some devs woke up angry because they didn't have had their |
| 83 |
coffee. However, I'm also sure the fork is a pain for downstream |
| 84 |
distros and a lot of upstreams. |
| 85 |
|
| 86 |
Alexis. |
Archives