mpg321 decision needed

[seth vidal]

> A package update may be necessary because IIRC mpg321 is Required by 
> other packages in RH7.x, meaning removing mpg321 may be an infeasible 
> suggestion in the update notification.  Please somebody check on this 
> and report back.
> 
> I personally feel that removing mpg321 or crippling its functionality in 
> Legacy is not much of a loss, since the majority of Legacy users are 
> servers.  Maybe some businesses use Legacy for workstations, but think 
> of a broken MP3 decoder as productivity gain? =)

It's not about business it's about screwing somebody up and surprising
them when the legacy repository breaks something on their system which
used to work.

What if this program were something to do with mail processing that
suddenly became legally complicated to update? You wouldn't just break
someone's mail system? So it's just mp3 playing but we shouldn't
surprise people with the change. I recommend issuing a comment about mp3
players and libraries being deprecated and legal reasons make them
impossible to be updated. 

Last I checked this particular vulnerability isn't all that nasty
anyway.

Let people know that there is a vulnerability and that we can't patch
it. They can discover the patches/fixes for themselves. Heck, maybe some
enterprising young soul will drop an anvil on that particular bug and
squash it.

:)
-sv