Debian Bug report logs - #411258
RM: gst-ffmpeg -- RoM; superseded by gstreamer0.10-ffmpeg and not supported by the security team

Package: ftp.debian.org; Maintainer for ftp.debian.org is Debian FTP Master <ftpmaster@ftp-master.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 9 Feb 2007 23:48:02 UTC

Severity: normal

Done: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#410352; Package gstreamer0.8. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gstreamer0.8: Should not be released with Etch
Date: Sat, 10 Feb 2007 00:44:24 +0100
Package: gstreamer0.8
Severity: serious

gstreamer-0.8 embeds a full copy of the ffmpeg, which frequently
has vulnerabilities. For mplayer and gstreamer0.10 exceptions
were more or less justified, but for gstreamer0.8 this isn't
the case. It has only three rev-deps: teatime and and muine have
already easily been fixed in sid/experimental. goobox appears dead
upstream (According to http://www.gnomefiles.org/app.php?soft_id=531
the last release is from Nov 2005), has hardly any users in popcon
and we have plenty of media players in Debian. So unless it's fixed
to use gstreamer 0.10 it'll need to be removed from Etch along with
gstreamer 0.8.

Cheers,
        Moritz

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#410352; Package gstreamer0.8. Full text and rfc822 format available.

Acknowledgement sent to David Schleef <ds@schleef.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 410352@bugs.debian.org (full text, mbox):

From: David Schleef <ds@schleef.org>
To: 410352@bugs.debian.org
Subject: Re: Bug#410352: gstreamer0.8: Should not be released with Etch
Date: Fri, 9 Feb 2007 17:58:53 -0800
On Sat, Feb 10, 2007 at 12:44:24AM +0100, Moritz Muehlenhoff wrote:
> Package: gstreamer0.8
> Severity: serious
> 
> gstreamer-0.8 embeds a full copy of the ffmpeg, which frequently
> has vulnerabilities.

gstreamer0.8 != gstreamer0.8-ffmpeg

Problems with ffmpeg do not justify removing gstreamer0.8.
Nevertheless, I don't see a strong reason to keep it.



dave...




Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#410352; Package gstreamer0.8. Full text and rfc822 format available.

Acknowledgement sent to Loïc Minier <lool@dooz.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 410352@bugs.debian.org (full text, mbox):

From: Loïc Minier <lool@dooz.org>
To: 410352@bugs.debian.org
Cc: control@bugs.debian.org, goobox@packages.debian.org, goobox@packages.qa.debian.org, teatime@packages.debian.org, teatime@packages.qa.debian.org, muine@packages.debian.org, muine@packages.qa.debian.org
Subject: Re: Bug#410352: gstreamer0.8: Should not be released with Etch
Date: Sat, 10 Feb 2007 11:28:46 +0100
# removal of GStreamer 0.8 vs removal of gst-ffmpeg
clone 410352 -1
retitle -1 Dropping the gstreamer0.8 stack
reassign 410352 gst-ffmpeg
block -1 with 410352
severity -1 important
clone -1 -2 -3 -4
retitle -2 teatime: Please switch to GStreamer 0.10 ASAP
reassign -2 teatime 2.6.0-4
close -2 2.6.0-5
retitle -3 goobox: Please switch to GStreamer 0.10 ASAP
reassign -3 goobox 0.9.93-7
retitle -4 muine: Please switch to GStreamer 0.10 ASAP
reassign -4 muine 0.8.5-1.1
block -1 with -2 -3 -4
stop

        Hi,

 Per request of the security team (see below), gst-ffmpeg and its
 associated codecs support will be dropped for etch; this means your
 programs wont support some formats anymore.  I strongly suggest to move
 to GStreamer 0.10 in unstable right now, this might give a chance to
 your program to be reviewed by the release team and transition to Etch.


 For teatime, I'm going to ask for an unblock hint; for muine, I think
 it would be ok to upload the new upstream release.


 This is the request of the security team:

On Sat, Feb 10, 2007, Moritz Muehlenhoff wrote:
> gstreamer-0.8 embeds a full copy of the ffmpeg, which frequently
> has vulnerabilities. For mplayer and gstreamer0.10 exceptions
> were more or less justified, but for gstreamer0.8 this isn't
> the case. It has only three rev-deps: teatime and and muine have
> already easily been fixed in sid/experimental. goobox appears dead
> upstream (According to http://www.gnomefiles.org/app.php?soft_id=531
> the last release is from Nov 2005), has hardly any users in popcon
> and we have plenty of media players in Debian. So unless it's fixed
> to use gstreamer 0.10 it'll need to be removed from Etch along with
> gstreamer 0.8.

   Bye,
-- 
Loïc Minier <lool@dooz.org>



Bug 410352 cloned as bug 410384. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `gstreamer0.8' to `gst-ffmpeg'. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs of 410384 added: 410352 Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#410352; Package gst-ffmpeg. Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #26 received at 410352@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: "Loïc Minier" <lool@dooz.org>
Cc: 410352@bugs.debian.org, goobox@packages.debian.org, 410352-submitter@bugs.debian.org
Subject: Re: Bug#410352: gstreamer0.8: Should not be released with Etch
Date: Sat, 10 Feb 2007 13:44:06 +0100
[Message part 1 (text/plain, inline)]
Hello,
On Sat, Feb 10, 2007 at 11:28:46AM +0100, Loïc Minier wrote:
> # removal of GStreamer 0.8 vs removal of gst-ffmpeg
> clone 410352 -1
> retitle -1 Dropping the gstreamer0.8 stack
> reassign 410352 gst-ffmpeg
> block -1 with 410352
> severity -1 important
> clone -1 -2 -3 -4
> retitle -3 goobox: Please switch to GStreamer 0.10 ASAP
> reassign -3 goobox 0.9.93-7

>  Per request of the security team (see below), gst-ffmpeg and its
>  associated codecs support will be dropped for etch; this means your
>  programs wont support some formats anymore.  I strongly suggest to move
>  to GStreamer 0.10 in unstable right now, this might give a chance to
>  your program to be reviewed by the release team and transition to Etch.

I clearly lack the knowledge to port goobox to gstreamer 0.10.
Upstream has stated, that he has now time for the switch ATM, but will
try it later this year, clearly post Etch. 

I will stick to the timeline presented on debian-devel: I will see if
upstream updates goobox later this year, if not, goobox should be
completely removed. 

>  This is the request of the security team:
> 
> On Sat, Feb 10, 2007, Moritz Muehlenhoff wrote:
> > already easily been fixed in sid/experimental. goobox appears dead
> > upstream (According to http://www.gnomefiles.org/app.php?soft_id=531
> > the last release is from Nov 2005), has hardly any users in popcon
> > and we have plenty of media players in Debian. So unless it's fixed
> > to use gstreamer 0.10 it'll need to be removed from Etch along with
> > gstreamer 0.8.

Guess that decision has been taken already, hence no more to say.

         Helge
-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#410352. Full text and rfc822 format available.

Bug 410384 cloned as bugs 410440, 410441, 410442. Request was from Loïc Minier <lool+alioth@via.ecp.fr> to control@bugs.debian.org. Full text and rfc822 format available.

Bug 410384 cloned as bugs 410440, 410441, 410442. Request was from Loïc Minier <lool+alioth@via.ecp.fr> to control@bugs.debian.org. Full text and rfc822 format available.

Bug 410384 cloned as bugs 410440, 410441, 410442. Request was from Loïc Minier <lool+alioth@via.ecp.fr> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#410352; Package gst-ffmpeg. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #40 received at 410352@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: David Schleef <ds@schleef.org>, 410352@bugs.debian.org, 410352-submitter@bugs.debian.org
Subject: Re: Bug#410352: gstreamer0.8: Should not be released with Etch
Date: Sun, 11 Feb 2007 11:55:40 -0800
severity 410352 important
unblock 410441 by 410352
block 410352 by 410441
unblock 410442 by 410352
block 410352 by 410442
unblock 410384 by 410352
block 410352 by 410384
thanks

On Fri, Feb 09, 2007 at 05:58:53PM -0800, David Schleef wrote:
> On Sat, Feb 10, 2007 at 12:44:24AM +0100, Moritz Muehlenhoff wrote:
> > Package: gstreamer0.8
> > Severity: serious

> > gstreamer-0.8 embeds a full copy of the ffmpeg, which frequently
> > has vulnerabilities.

> gstreamer0.8 != gstreamer0.8-ffmpeg

That seems to remove the rationale for treating gstreamer0.8 as RC-buggy for
etch, so I think it's appropriate to downgrade this bug.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#410352. Full text and rfc822 format available.

Severity set to `serious' from `serious' Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs of 410441 removed: 410352 Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs of 410442 removed: 410352 Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#410352; Package gst-ffmpeg. Full text and rfc822 format available.

Acknowledgement sent to Loïc Minier <lool@dooz.org>:
Extra info received and forwarded to list. Copy sent to Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #54 received at 410352@bugs.debian.org (full text, mbox):

From: Loïc Minier <lool@dooz.org>
To: 410352@bugs.debian.org, control@bugs.debian.org
Cc: ftp.debian.org@packages.debian.org, ftp.debian.org@packages.qa.debian.org
Subject: Clone against ftp.debian.org
Date: Sat, 17 Feb 2007 17:37:19 +0100
clone #410352 -1
retitle -1 RM: gst-ffmpeg -- RoM; superseded by gstreamer0.10-ffmpeg and not supported by the security team
reassign -1 ftp.debian.org
stop

-- 
Loïc Minier <lool@dooz.org>



Bug 410352 cloned as bug 411258. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `gst-ffmpeg' to `ftp.debian.org'. Request was from Loïc Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `normal' from `serious' Request was from Loic Minier <lool@dooz.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #67 received at 411258-close@bugs.debian.org (full text, mbox):

From: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>
To: 411258-close@bugs.debian.org
Cc: gst-ffmpeg@packages.debian.org, gst-ffmpeg@packages.qa.debian.org
Subject: Bug#411258: fixed
Date: Mon, 19 Feb 2007 16:23:04 +0000
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

gst-ffmpeg |   0.8.7-10 | source
gstreamer0.8-ffmpeg |   0.8.7-10 | alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 411258@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Jeroen van Wolffelaar (the ftpmaster behind the curtain)



Bug 410384 cloned as bugs 422852, 422853, 422854. Request was from Sebastian Dröge <slomo@circular-chaos.org> to control@bugs.debian.org. (Tue, 08 May 2007 13:09:29 GMT) Full text and rfc822 format available.

Bug 410384 cloned as bugs 422852, 422853, 422854. Request was from Sebastian Dröge <slomo@circular-chaos.org> to control@bugs.debian.org. (Tue, 08 May 2007 13:09:39 GMT) Full text and rfc822 format available.

Bug 410384 cloned as bugs 422852, 422853, 422854. Request was from Sebastian Dröge <slomo@circular-chaos.org> to control@bugs.debian.org. (Tue, 08 May 2007 13:09:49 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 10:39:25 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 15:48:51 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.