Re: mpg321 decision needed

[Panu Matilainen <pmatilai welho com>]

On Thu, 8 Jan 2004, Jason wrote:

> 
> > What we must decide upon is whether we should also issue a mpg321 
> > package update that removes MP3 functionality.  This is only to force 
> > the vulnerable program to uninstall from systems.  I personally am in 
> > favor of this option, but please discuss the pros & cons.
> > 
> > A package update may be necessary because IIRC mpg321 is Required by 
> > other packages in RH7.x, meaning removing mpg321 may be an infeasible 
> > suggestion in the update notification.  Please somebody check on this 
> > and report back.
> > 
> > I personally feel that removing mpg321 or crippling its functionality in 
> > Legacy is not much of a loss, since the majority of Legacy users are 
> > servers.  Maybe some businesses use Legacy for workstations, but think 
> > of a broken MP3 decoder as productivity gain? =)
> 
> It should be safe for the user to remove mpg321:
> 
> [rohwedde fungo rohwedde]$ rpm -q --whatrequires mpg123 mpg321
> no package requires mpg123
> no package requires mpg321

Mind you, you can't trust --whatrequires <package> output *at all* because 
it doesn't look at library dependencies, only anything that has 
direct "Requires: <package>". To get full dependency info you'll need to 
do something like
rpm -q --whatrequires `rpm -q --provides mpg123`

	- Panu -