On Sat, Dec 03, 2011 at 02:01:34PM +0000, Manuel A. Fernandez Montecelo

wrote:

> I was thinking about disable the in-source use of timidity in

> SDL_mixer, mostly because it's an in-source copy of the code (which

> can make SDL_mixer and programs using it exploitable). ?However I

> don't know if this is possible, I don't know much about MIDI, and just

> took over maintenance of this package. Can you help me to make some

> informed decision?

Greetings.  First, thank you for taking over SDL_mixer!

	Now, about timidity and MIDI music.  Of course the version of

timidity embedded in SDL_mixer is very old (before it was forked off

into timidity++) because of licensing conflicts, and bug reports like

this one have been because of its bugs and shortcomings.  I don't know

about any security holes in the old version of timidity, though -- are

there any security alerts posted anywhere?

	Unfortunately, native_midi_gpl isn't very flexible.  It hits the

hardware (GUS, AWE, FM or OPL3) directly, which isn't very clean or 

compatible.  So I'd recommend leaving timidity enabled even if

native_midi_gpl is enabled, just from a usability perspective.

-- 

To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST_at_lists.debian.org

with a subject of "unsubscribe". Trouble? Contact listmaster_at_lists.debian.org