[Mageia-dev] ffmpeg in mageia1 updates testing (revision 171164)

Thomas Backlund tmb at mageia.org
Sat Nov 26 15:47:48 CET 2011

26.11.2011 16:15, Anssi Hannula skrev:
> On 26.11.2011 09:54, zezinho wrote:
>> Le samedi 26 novembre 2011 02:31:43, Anssi Hannula a écrit :
>>> About 75% of the crash issues fixed by the above 0.7 commits affect mga1
>>> 0.6.x, with a sample size of 70 commits.
>> So maybe we should consider ffmpeg as Firefox : a software we must upgrade
>> because upstream fixes security only in latest version.
> Unfortunately FFmpeg is much less 'stable' than firefox in both its
> dependencies and API across different series. Meaning that upgrade of
> FFmpeg often requires upgrade of libx264 (like in 0.6->0.7), or requires
> changes in software that uses FFmpeg (0.6->0.7 doesn't, however).
> The "easy" way out in this case could be upgrading FFmpeg 0.6->0.7 and
> x264 and doing extensive Q&A to avoid breakage. The "hard" way is
> backporting the ~200 relevant patches (most of which don't apply
> automatically).

And you dont think upgrading to a new ffmpeg will bring new bugs and 
need for new fixes...

We dont even have BR about those bugs in our bugzilla, so apparently
they are not that important or not easy to hit.

The real easy way is: just apply the 5 security fixes and be done with it.

"For the most part, an update should consist of a patched build of the 
same version of the package released with the distribution"

If we start the "look at upstream, there are X number of fixes not in 
our package", where does it end ??

We will soon have to do it for every package, and that is Cauldron or a 
rolling release, not really a stable release.

And we dont have the manpower in QA to start a updating frenzy like this.

The point is simple: software _always_ have bugs. Thats a fact.

upgrading from one version to another does not only "fix bugs",
it's also "replacing old bugs" with "new ones"


More information about the Mageia-dev mailing list