2014-01-11, 19:29
The debate of using internal ffmpeg code versus external ffmpeg one is not new and XBMC devs have made it clear they have no intend to support external ffmpeg.
However, in light of new post about security problem http://googleonlinesecurity.blogspot.com...fixes.html and http://ffmpeg.org/security.htmluser and packagers should be warned that by using XBMC with internal ffmpeg code, they will put their system at risk because the bugs that have been discovered and fixed in upstream are still in XBMC internal ffmpeg code.
Worse, opening bugs for gotham related to this particular security issues have been purely closed as WONT FIX meaning security issues are deemed not important:http://trac.xbmc.org/ticket/14838 In addition while it was possible to use external ffmpeg code, devs intend to drop this feature without clearly indicating that they will make effort to stay current with ffmpeg code.
I really do not understand the rationale behind such move and closing security bug as WONTFIX is for me a bad practice.
EDITED: fixed URL as per comment.
However, in light of new post about security problem http://googleonlinesecurity.blogspot.com...fixes.html and http://ffmpeg.org/security.htmluser and packagers should be warned that by using XBMC with internal ffmpeg code, they will put their system at risk because the bugs that have been discovered and fixed in upstream are still in XBMC internal ffmpeg code.
Worse, opening bugs for gotham related to this particular security issues have been purely closed as WONT FIX meaning security issues are deemed not important:http://trac.xbmc.org/ticket/14838 In addition while it was possible to use external ffmpeg code, devs intend to drop this feature without clearly indicating that they will make effort to stay current with ffmpeg code.
I really do not understand the rationale behind such move and closing security bug as WONTFIX is for me a bad practice.
EDITED: fixed URL as per comment.