Lingon Portfile Update: OT
Eric Cronin
ecronin at macports.org
Wed Nov 19 15:14:17 PST 2008
On Nov 19, 2008, at 6:00 PM, Altoine Barker wrote:
> Eric,
>
> I must correct you. I am an avid fan of mplayer and I have been
> following the releases for a long time. Matter of fact, it was mplayer
> that made me look to macports to install mplayer, because it always
> took
> months for someone to release a package for Mac OSX. I will prove it
> by
> simply going to their download area by ftp:
>
> ftp://ftp.mplayerhq.hu/MPlayer/releases/
> MacOSX
> MPlayerOSX_1.0rc1.dmg is dated 12/10/06
> MPlayerOSX_1.0rc2.dmg is dated 04/30/08
> Windows
> MPlayer-1.0rc1-gui.zip is dated 10/23/06
> MPlayer-1.0rc2-gui.zip is dated 12/06/07
> Source
> MPlayer-1.0rc1.tar.bz2 is dated 10/22/06
> Mplayer-1.0rc2.tar.bz2 is dated 10/07/07
>
> You see how many MONTHS for Mac!
>
> -Altoine
I was commenting more about the fact that the MPlayer developers have
made it pretty clear that they see little point to issuing releases,
so for *any* platform, what's in ftp://ftp.mplayerhq.hu/MPlayer/
releases is dangerously out of date and insecure. The last few
security vulnerabilities they haven't even released patches against
1.0rc2 for, so the MacPorts version (based on Mplayer-1.0rc2.tar.bz2)
is currently vulnerable until I make/find a backport of the patches...
Mohammad Haque provides automated nightly builds of the svn HEAD at <http://www.haque.net/software/mplayer/mplayerosx/builds/
> which will have the latest security fixes but there is no testing
and unknown stability, regressions are frequent, etc...
I'd like to strike a middle ground and have MacPorts track a specific
recent svn revision, but as I said I don't have the time to rework
things just now. I'm hoping to at least band-aid the latest
vulnerability in the next week.
Thanks,
Eric
More information about the macports-users
mailing list