> > Wow! I said "bad things" about Ubuntu regarding this topic but, just > > today, experienced the same kind of thing, with Debian Stretch, regarding > > the vlc "uber Package". Seems it's replacing libvlccore8 with > libvlccore9, > > along with several other replacements! So Debian also uses this > technique > > (dist-upgrade) for, other than "Upgrading the Distribution". > > > > Sorry about that, Ubuntu. :-) > > > > Kenneth Parker > > Your criticism of Debian is unjustified. apt-get dist-upgrade is > required to upgrade libvlccore8 to libvlccore9 because, of course, the > latter is a different package. >
Sorry abut that. I guess it's mainly a Teaching Moment for me. With Ubuntu, every Kernel Upgrade was handled this way, which had prompted my prior comment, criticizing Ubuntu. libvlccore8 is based on VLC version 2 and libvlccore9 is based on VLC 3. > VLC is susceptible to DSA-4203 (CVE-2017-17670), so VLC 3 has been fixed > in 3.0.2. As VLC 2.x will not get fixed, stretch had no alternative > but to move from version 2 to 3. > And, of course, the Version Upgrade is for a very good reason. (The vulnerability description is fascinating!) Cheers, > David. > Thanks for your patience. Kenneth Parker
