debian-multimedia.org considered harmful, Was: Unofficial repositories on 'debian' domains

Vincent Lefevre vincent at vinc17.net
Thu Mar 8 11:46:38 UTC 2012


On 2012-03-05 16:42:50 +0100, Reinhard Tartler wrote:
> Friendly discussion with the maintainer of debian-multimedia.org to
> not replace libraries such as libavcodec and friends have failed
> ultimatively (BTW, that is part of the reason why we've ended up with
> an epoch of '4', dmo uses epoch '5');  he has repeatedly shown that is
> not interested in collaborating with pkg-multimedia at all. He also
> does not seem interested in installing libraries in a way that they do
> not interfere with 'official' Debian packages (e.g., by changing
> SONAMES, or installing in private directories, etc.).

It's worse than that. Security support is non-existent, and users
don't know that. An example:

  http://lists.debian.org/debian-user-french/2010/08/msg00006.html

where a user recommended flashplayer-mozilla from debian-multimedia
(debian-multimedia.org), saying that it was working very well. What
he didn't say (and there was no information on debian-multimedia.org
either), is that this was a version with critical vulnerabilities
known since June 2010:
  http://www.adobe.com/support/security/bulletins/apsb10-14.html

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



More information about the pkg-multimedia-maintainers mailing list