[Bug 453422] Review Request: songbird - Mozilla based multimedia player

bugzilla at redhat.com bugzilla at redhat.com
Sat Apr 4 09:15:14 UTC 2009




https://bugzilla.redhat.com/show_bug.cgi?id=453422





--- Comment #43 from Peter Robinson <pbrobinson at gmail.com>  2009-04-04 05:15:12 EDT ---
> quoting from SB #15401
> > I don't think the Fedora peeps are going to take this very well, but they won't
> > have a choice if Songbird is to be stable.
> Remember that the choice is ours. Either to have songbird compliant with the
> Fedora guidelines or to have it not in repository.
> And it is more important to have packages that can be maintained easily
> (without using its own copies) than having packages to "just work".

By shipping an extra copy of gstreamer it also becomes a security risk if
there's an exploit that's fixed in the mainline gstreamer and is missed being
updated in the songbird copy. That is why there was an effort a number of
releases ago to strip out all the included copies of db4/zlib/etc. E.g. there was
a gstreamer CVE just recently. See RHBZ 481267.
