Closed fdelapena closed 3 years ago
cannam
commented
8 years ago I noticed this once, but I didn't see a pressing reason to change it: what we have appears to work well, managing dependencies has a cost, and it's very useful to have a bundled implementation to fall back on. Can you suggest any opposing reasons why it would be good to change this?
fdelapena
commented
8 years ago For example, to prevent issues like CVE-2014-1542, distributions are monitoring security issues but this is not usual for upstream software with embedded source code copies.
cannam
commented
3 years ago At this moment I believe the better solution is to move away from using the speex resampler (because of other problems to do with rate changing). It's now generally recommended to use libsamplerate, and the default will change to that in the next release. In future there may be other options recommended, but the situation can be revisited then.
Since 1.2rc2, speexdsp is a separate package and a library, so rubberband does not need a copy of the speex resampler source code anymore.