(2014-01-11, 21:05)davilla Wrote: The cost of upgrading ffmpeg is very, very heavy. We are multi-plaform. Arm asm can get every tricky on Android/iOS and those platforms are hardly ever 'tested' by FFMpeg gods. The last version bump was painless, the one before that killed iOS platforms with changes in asm/linker code. It took a year to get someone interested in understanding and fixing the issue.
Sure the ARM ABI change for armhf, the various floating point (neon other, ..) and the IOS/Android environment stuff with their proprietary API, libc multimedia framework must be a nightmare.
(2014-01-11, 21:05)davilla Wrote: We don't like external ffmpeg, it gets abused and distros don't take the time or do not understand that as a mediacenter we are ver, very sensitive to FFMpeg changes. They toss the most recent version at it, fix compile issues and presto... We run like crap and users flock into the forums complaining.
Usually when officially packaged, bugs for a program should be handled by maintainer first. If he makes wrong decision, then he will have to assume them. I dunno how it works for official debian but they only propose 12.3 using external libav. For deb-multimedia, gotham alpha are proposed with ffmpeg 2.1.1 external. I think youre seeing problem on the forums, on the contrary, because XBMC is either not officially packaged by distributions or has been only very recently.
(2014-01-11, 21:05)davilla Wrote: So, if you want something that works, use our internal FFMpeg. If you want something that is secure but cannot reliably play audio/video content, use external FFMpeg or Libav.
I have been running external ffmpeg for at least two years. My experience is that it works at least as good as internal version ON LINUX. I did pay the price on some occassion.
(2014-01-11, 21:05)davilla Wrote: EDIT:
Besides, it's just plain way too late in our current release cycle to bump FFMpeg. We would have to start from scratch again and add 2-3 months for stability testing.
You're the devs. I suspect distributions will have to evaluate the security risks and should continue to be offered the external alternative. The fact that CVE for ffmpeg have been disclosed publicly just make things worse from a security point of view.