[Mageia-dev] ffmpeg in mageia1 updates testing (revision 171164)

Sat Nov 26 15:47:48 CET 2011

26.11.2011 16:15, Anssi Hannula skrev:
+> On 26.11.2011 09:54, zezinho wrote:
+>> Le samedi 26 novembre 2011 02:31:43, Anssi Hannula a écrit :
+>>> About 75% of the crash issues fixed by the above 0.7 commits affect mga1
+>>> 0.6.x, with a sample size of 70 commits.
+>>
+>> So maybe we should consider ffmpeg as Firefox : a software we must upgrade
+>> because upstream fixes security only in latest version.
+>
+> Unfortunately FFmpeg is much less 'stable' than firefox in both its
+> dependencies and API across different series. Meaning that upgrade of
+> FFmpeg often requires upgrade of libx264 (like in 0.6->0.7), or requires
+> changes in software that uses FFmpeg (0.6->0.7 doesn't, however).
+>
+> The "easy" way out in this case could be upgrading FFmpeg 0.6->0.7 and
+> x264 and doing extensive Q&A to avoid breakage. The "hard" way is
+> backporting the ~200 relevant patches (most of which don't apply
+> automatically).
+>
+
+And you dont think upgrading to a new ffmpeg will bring new bugs and 
+need for new fixes...
+
+We dont even have BR about those bugs in our bugzilla, so apparently
+they are not that important or not easy to hit.
+
+
+
+The real easy way is: just apply the 5 security fixes and be done with it.
+
+
+https://wiki.mageia.org/en/Updates_policy
+"For the most part, an update should consist of a patched build of the 
+same version of the package released with the distribution"
+
+
+If we start the "look at upstream, there are X number of fixes not in 
+our package", where does it end ??
+
+We will soon have to do it for every package, and that is Cauldron or a 
+rolling release, not really a stable release.
+
+And we dont have the manpower in QA to start a updating frenzy like this.
+
+The point is simple: software _always_ have bugs. Thats a fact.
+
+upgrading from one version to another does not only "fix bugs",
+it's also "replacing old bugs" with "new ones"
+
+--
+Thomas
+