mpg321 decision needed
Panu Matilainen
pmatilai at welho.com
Fri Jan 9 10:36:13 UTC 2004
On Thu, 8 Jan 2004, Jason wrote:
>
> > What we must decide upon is whether we should also issue a mpg321
> > package update that removes MP3 functionality. This is only to force
> > the vulnerable program to uninstall from systems. I personally am in
> > favor of this option, but please discuss the pros & cons.
> >
> > A package update may be necessary because IIRC mpg321 is Required by
> > other packages in RH7.x, meaning removing mpg321 may be an infeasible
> > suggestion in the update notification. Please somebody check on this
> > and report back.
> >
> > I personally feel that removing mpg321 or crippling its functionality in
> > Legacy is not much of a loss, since the majority of Legacy users are
> > servers. Maybe some businesses use Legacy for workstations, but think
> > of a broken MP3 decoder as productivity gain? =)
>
> It should be safe for the user to remove mpg321:
>
> [rohwedde at fungo rohwedde]$ rpm -q --whatrequires mpg123 mpg321
> no package requires mpg123
> no package requires mpg321
Mind you, you can't trust --whatrequires <package> output *at all* because
it doesn't look at library dependencies, only anything that has
direct "Requires: <package>". To get full dependency info you'll need to
do something like
rpm -q --whatrequires `rpm -q --provides mpg123`
- Panu -
More information about the fedora-legacy-list
mailing list