[flac-dev] FLAC 1.3.2 has been released
brianw at audiobanshee.com
Sun Jan 1 03:04:08 UTC 2017
To put this another way, why not leave the 1.2.1 binaries available on a secondary web page dedicated to legacy operating systems? I do see merit in guiding new users and new downloads to the latest, secure builds, but I am opposed to removing the legacy versions completely (for the reasons cited below).
On Dec 31, 2016, at 7:02 PM, Brian Willoughby <brianw at audiobanshee.com> wrote:
> Security is quite important, but I believe that audio quality and lossless performance trump security for nearly all users of flac.
> In other words, unless the bugs affect the lossless quality of flac, then those old downloads should remain available. Of course, place a notice about the potential for security issues, but let the users make their own decisions.
> Personally, I find it important to have the option of decoding my archived flac files with the same version of the code that I used to compress them. Granted, I'm on Mac (Unix), but I assume that the same security holes are in 1.2.1 for Unix as for Windows. Sorry I'm not much of an expert on the security issues, but it seems that lots of software has these sorts of security holes. We should certainly address the issues, but there's no need to force everyone to lose access to historical versions of the flac program. Even if the new versions of flac are perfectly compatible, there is still some benefit to having old versions that will run on old computer operating systems. I maintain a great number of old computers for audio recording purposes, and while they work fine for audio purposes they won't run new builds of certain software.
> Brian Willoughby
> On Dec 31, 2016, at 6:46 PM, Erik de Castro Lopo <mle+la at mega-nerd.com> wrote:
>> there are still 1000+ downloads per week 1.2.1 windows binaries
>> with know security holes. What do people think of the idea of
>> disabling downloads of old, known buggy Windows binary downloads?
More information about the flac-dev