> On Monday, 10 February 2020 at 10:07, Vitaly Zaitsev via devel wrote: > > On 10.02.2020 09:43, John M. Harris Jr wrote: > > > As long as it builds and functions, why remove it? > > > > Because it has lots of critical vulnerabilities and endangers end-user > > devices. > > Please name a couple. Nobody has provided a single specific case of an > unfixed security vulnerability affecting gstreamer 0.10.x yet. CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808, CVE-2016-9807, CVE-2016-9445, CVE-2016-9445, CVE-2016-9447, CVE-2016-9809..... there's others, not to mention issues likely found and fixed in gst1 that weren't back ported to the 0.10 series, and even if there were bugs backported to the Fedora releases given there's no upstream support it would a "scrape the internet" for the fixes scenario. The issues with media and vulnerabilities are well known, Google has had many many large issues with android with the same sort of issues which caused them to completely rewrite their media stack to run completely sandboxed, somthing that the old version of gstreamer doesn't support. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
