mpg321 decision needed
Warren Togami
warren at togami.com
Fri Jan 9 03:05:55 UTC 2004
https://bugzilla.fedora.us/show_bug.cgi?id=1186
mpg321 proposed Legacy update
Due to licensing issues with anything related to MP3, after some
discussions it seems that we cannot issue an update for this package.
It was suggested that Legacy should publish an update notification
recommending that users stop using it, or even remove the package. This
is a certainty.
What we must decide upon is whether we should also issue a mpg321
package update that removes MP3 functionality. This is only to force
the vulnerable program to uninstall from systems. I personally am in
favor of this option, but please discuss the pros & cons.
A package update may be necessary because IIRC mpg321 is Required by
other packages in RH7.x, meaning removing mpg321 may be an infeasible
suggestion in the update notification. Please somebody check on this
and report back.
I personally feel that removing mpg321 or crippling its functionality in
Legacy is not much of a loss, since the majority of Legacy users are
servers. Maybe some businesses use Legacy for workstations, but think
of a broken MP3 decoder as productivity gain? =)
Warren
More information about the fedora-legacy-list
mailing list