mpg321 decision needed
Jason
rohwedde at codegrinder.com
Fri Jan 9 04:35:19 UTC 2004
> What we must decide upon is whether we should also issue a mpg321
> package update that removes MP3 functionality. This is only to force
> the vulnerable program to uninstall from systems. I personally am in
> favor of this option, but please discuss the pros & cons.
>
> A package update may be necessary because IIRC mpg321 is Required by
> other packages in RH7.x, meaning removing mpg321 may be an infeasible
> suggestion in the update notification. Please somebody check on this
> and report back.
>
> I personally feel that removing mpg321 or crippling its functionality in
> Legacy is not much of a loss, since the majority of Legacy users are
> servers. Maybe some businesses use Legacy for workstations, but think
> of a broken MP3 decoder as productivity gain? =)
It should be safe for the user to remove mpg321:
[rohwedde at fungo rohwedde]$ rpm -q --whatrequires mpg123 mpg321
no package requires mpg123
no package requires mpg321
But, I certainly don't think we have the right to remove software from
someone's machine.. Whether they be in some sort of legal violation or
not. I think releasing a statement suggesting removal of the offending
software is certainly a responsible alternative for these situations.
-jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040108/e16b1d9f/attachment.sig>
More information about the fedora-legacy-list
mailing list