On Sat, Oct 28, 2006 at 01:08:09PM -0400, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
> > severity 395252 serious
> > thanks
> >
> > > The testing security team tracks probably hundreds of possibly security
> > > relevant code copies in data/embedded-code-copies in their svn repo. As
> > > long as the security teams know about code copies, they can deal with
> > > updates due to them.
> >
> > No, we have already way too much work and artifially introducing more is
> > not a option. For Sarge there was no clean solution, as ffmpeg provided
> > only a static libavcodec, but since this exists, there's no reason not
> > to use it.
>
> How is mplayer different than the 200 or so other items listed in
> embedded-code-copies? Other than only getting through incoming now.
Two complexes of code embedding have caused serious trouble for security
support in Sarge; xpdf and libavcodec. xpdf is resolved for Etch, libavcodec
is being adressed currently, thus this bug.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
