On Thu, Jul 31, 2014 at 9:54 PM, Josselin Mouette <j...@debian.org> wrote:
> No FFmpeg security update is “minor”. > > Almost each ffmpeg security bug is a code execution one. Almost each and > every one of them is hard to backport. > > Those 10 security updates might represent more work than 100 *really* > minor security updates. > How is it better to have libav, which does a lot less security bugfixing, in? I'd rather have a library that fixes bugs than one that passes in order to look "more secure". When in fact it's less. -- Pau Garcia i Quiles http://www.elpauer.org (Due to my workload, I may need 10 days to answer)
