Please demote libav to universe

Bug #1243235 reported by Marc Deslauriers
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
alsa-plugins (Ubuntu)
Fix Released
Undecided
Unassigned
alsa-plugins-extra (Ubuntu)
Fix Released
Undecided
Unassigned
libav (Ubuntu)
Fix Released
Medium
Unassigned
strigi (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Ready to be demoted:

 Source and binary movements to universe
 ---------------------------------------
 o libav: ffmpeg ffmpeg-doc libav-doc libav-tools libavcodec-dev libavcodec53 libavdevice-dev libavdevice53 libavfilter-dev libavfilter2 libavformat-dev libavformat53 libavutil-dev libavutil51 libpostproc-dev libpostproc52 libswscale-dev libswscale2

libav demotion:

I would like libav to be demoted to universe in Trusty. It is a package
that takes considerable resources to maintain security updates for,
resulting in it being vulnerable in Debian and Ubuntu.

Not only does anything in main currently depend on it, but having it in
main results in split packaging (libav and libav-extras) which puts an
extra burden on maintenance.

It is currently being seeded in supported-desktop-extra.

$ reverse-depends -c main src:libav
No reverse dependencies found

$ reverse-depends -b -c main src:libav
Reverse-Build-Depends
=====================
* alsa-plugins (for libavcodec-dev)
* alsa-plugins (for libavutil-dev)
* strigi (for libpostproc-dev)
* strigi (for libswscale-dev)

strigi:
-------
I don't believe strigi actually needs libpostproc-dev and libswscale-dev.

Here is the current build log with them:

-- checking for module 'libavcodec'
-- package 'libavcodec' not found
-- checking for module 'libavformat'
-- package 'libavformat' not found
-- checking for module 'libavdevice'
-- package 'libavdevice' not found
-- checking for module 'libavutil'
-- found libavutil, version 51.22.1
-- checking for module 'libswscale'
-- found libswscale, version 2.1.0
-- checking for module 'libpostproc'
-- found libpostproc, version 52.0.0
-- Could NOT find FFmpeg (missing: AVCODEC_LIBRARIES AVCODEC_INCLUDE_DIRS AVFORMAT_LIBRARIES AVFORMAT_INCLUDE_DIRS)
** FFmpeg not found. Support for indexing FFMPEG is disabled

Here is the build log after they have been removed:

-- checking for module 'libavcodec'
-- package 'libavcodec' not found
-- checking for module 'libavformat'
-- package 'libavformat' not found
-- checking for module 'libavdevice'
-- package 'libavdevice' not found
-- checking for module 'libavutil'
-- package 'libavutil' not found
-- checking for module 'libswscale'
-- package 'libswscale' not found
-- checking for module 'libpostproc'
-- package 'libpostproc' not found
-- Could NOT find FFmpeg (missing: FFMPEG_LIBRARIES FFMPEG_INCLUDE_DIRS AVCODEC_LIBRARIES AVCODEC_INCLUDE_DIRS AVFORMAT_LIBRARIES AVFORMAT_INCLUDE_DIRS AVUTIL_LIBRARIES AVUTIL_INCLUDE_DIRS SWSCALE_LIBRARIES SWSCALE_INCLUDE_DIRS)
** FFmpeg not found. Support for indexing FFMPEG is disabled

alsa-plugins:
-------------

alsa-plugins needs libavcodec-dev and libavutil-dev for the
libasound2-plugins-extra package in universe.

We have three options:

1- Stop building libasound2-plugins-extra

$ reverse-depends -s libasound2-plugins-extra
No reverse dependencies found

2- Leave libavcodec-dev and libavutil-dev in main (not ideal)
3- Add an alsa-plugins-extras source package

Revision history for this message
Sebastien Bacher (seb128) wrote :

+1 from desktop team to have it demoted

Changed in strigi (Ubuntu):
status: New → Fix Committed
Changed in alsa-plugins (Ubuntu):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package strigi - 0.7.7-3ubuntu6

---------------
strigi (0.7.7-3ubuntu6) trusty; urgency=low

  * Drop libprostproc-dev and libswscale-dev build-dependencies. (LP:
    #1243235)
 -- Dmitrijs Ledkovs <email address hidden> Wed, 30 Oct 2013 17:51:26 +0000

Changed in strigi (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package alsa-plugins - 1.0.27-2ubuntu2

---------------
alsa-plugins (1.0.27-2ubuntu2) trusty; urgency=low

  * Drop libasound2-plugins-extra package (LP: #1243235)
  * Drop libavcodec-dev and libavutil-dev build-deps.
 -- Dmitrijs Ledkovs <email address hidden> Wed, 30 Oct 2013 18:10:59 +0000

Changed in alsa-plugins (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Reinhard Tartler (siretart) wrote :

We used to have libav in main also because of KDE. What happened to kdemultimedia, do they also have been demoted to universe?

Besides, what are the implications of this demotion regarding updates and care by the ubuntu security team? Libav, as a codec library, is by nature a pretty sensitive piece of software that frequently receives point releases with security updates. Would demoting it make it more or less likely that such point release updates land in ubuntu?

Revision history for this message
David Henningsson (diwic) wrote :

As a side note; on the audio minisummit last week, someone mentioned that maybe alsa plugins code should move to their respective projects, which was generally positively looked upon.
Hence I'd like to add an option
4) we could patch libav to contain the code that now no longer builds in alsa-plugins.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

kdemultimedia is now in universe, and has been since Ubuntu 12.10.

Having libav in universe will make maintaining security updates easier as the community will be able to participate also in helping getting the point releases in Ubuntu.

Changed in libav (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
description: updated
Revision history for this message
Adam Conrad (adconrad) wrote :

libav has been demoted to universe.

Changed in libav (Ubuntu):
status: Confirmed → Fix Released
Changed in alsa-plugins-extra (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.