On Wed, May 28 2025 at 04:51:33 PM -05:00:00, Chris Adams
<li...@cmadams.net> wrote:
This package is for playing one particular encoding of videos (and
only
certain profiles of that encoding from what I understand). There's
also
nothing preventing Fedora from pointing users to Cisco's site to get
their provided binaries.
OK, but in practice, it enables playback of almost all the videos that
users actually care about. With openh264 installed, you can watch most
videos in your web browser, download them, and play them locally in
Totem or Showtime. Otherwise, you cannot.
There are always decisions between security and convenience, and
Fedora
has typically gone for security (e.g. things like continually raising
the crypto policies). Leaving desktop users open to a high-rated CVE
for three months (and counting), in the name of convenience, is rather
bad IMHO.
I agree. If we can't fix this in a timely manner, then the package
needs to be removed regardless of other considerations. If we knew that
it would take this long to update, we would probably have done that
already.
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
