Date: Sun, 08 May 2016 12:39:10 +0200 From: Jan Beich <jbeich@vfemail.net> To: Thomas Zander <riggs@freebsd.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, "ports-committers\@FreeBSD.org" <ports-committers@freebsd.org> Subject: Re: svn commit: r414781 - head/multimedia/ffmpeg Message-ID: <mvo0-3kc1-wny@vfemail.net> In-Reply-To: <CAFU734x33gCbYXKOv1a0ypb8yZDCV12BWduD9=OkYS%2BV_dR_XA@mail.gmail.com> (Thomas Zander's message of "Sun, 8 May 2016 09:44:39 %2B0200") References: <201605071810.u47IAEGx095469@repo.freebsd.org> <h9e9-bqso-wny@vfemail.net> <CAFU734x33gCbYXKOv1a0ypb8yZDCV12BWduD9=OkYS%2BV_dR_XA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain Thomas Zander <riggs@freebsd.org> writes: > On 7 May 2016 at 21:40, Jan Beich <jbeich@vfemail.net> wrote: >> Can you MFH all patch-level updates by default? Those contain stability >> and security fixes much desired on quaterly branches. > > I'd be happy to do that, I was just not aware of this policy. I'm not sure if there's such a policy but 2.8.7 is covered by "runtime fixes" intent when quaterly branches were first announced. When requesting MFH just state if there's ABI or POLA impact and link to the changelog. > For ffmpeg, I routinely double-check > https://www.ffmpeg.org/security.html and noticed that 2.8.7 does not > fix any known vulnerability. The page sometimes lags behind fixes for months. Here's a list from 2.8.7 that may (or may not) end up there. Firefox stake can be easily noticed. https://git.videolan.org/?p=ffmpeg.git;a=commit;h=2a158602273f https://trac.ffmpeg.org/ticket/5412 https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ef54c144250a https://trac.ffmpeg.org/ticket/5371 https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5127cb2e78c0 https://hg.mozilla.org/releases/mozilla-beta/rev/e69afe7adf97 https://bugzilla.mozilla.org/show_bug.cgi?id=1266129 (Access Denied ;) https://git.videolan.org/?p=ffmpeg.git;a=commit;h=1e9aa7907ed4 https://trac.ffmpeg.org/ticket/5259 https://git.videolan.org/?p=ffmpeg.git;a=commit;h=536f6c4ec2f8 https://trac.ffmpeg.org/ticket/4899 > Since no build or runtime errors were reported in bugzilla for 2.8.6, > it seemed to me that the quarterly branch does not have a problem that > needs fixing. ffmpeg runtime issues tend to be OS-agnostic. As such users are discouraged to report them on downstream bugtrackers like our bugzilla. > Is patch-level updating covered by a blanket? No. I think, only extreme cases (e.g., startup crash) are covered by stability blanket where the commit doesn't carry other "baggage" that often comes with updates. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJXLxdOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bVzYIAIMcFCxJ19YtsmW+AVvdk/Hd ryC1i8tQr3pVWqdNLDmWydCed/VMX7vuzTEkmrKeO9bzUuNbFlATacE0Bz+eAQ7R ZmFTvs9+SrOzFaUQVgzuOuAFgahRQT48Fb0cI24F5gn/75pFtknqc7Bw/W/FSrLb Q6weNeLdZbrA5/pMWSvvkS86hNpO2u/SYPMcH0epq45vZmPocLLYPqsLo/TA31w6 Tx6OlqFp26IoaC7TBZEjXgiN7Y1NvhO6fgBiBesASB5UrZWXtA60IUKAxe9/8iqO udcMSHmEoc+ugvqb2hT1LN/aVeE4rxjaE0iWu0nnLnXGrntYmVs/DSwn1OeCLo4= =A4sQ -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?mvo0-3kc1-wny>