Bogus 0.9.8a release ???

Posted: 04 Dec 2008 23:44
by dlfl
I've been looking for 0.9.8 since it has been mentioned here and there on these forums and the web pages. Today I got an email notification that there was a new version (actually 0.9.8.a) on the videohelp web site:
http://www.videohelp.com/tools/VLC_media_player
One of their links led to the 0.9.6 version but the mirror link they (videoHelp) provided downloaded a file with 0.9.8 in the name. I tried to install from it three times and re-downloaded it too. In all cases it will not run, putting up an error message that it can't start because it isn't configured correctly.

I'm not new to installing VLC player and I'm just doing the same things I always do.

And it really seems peculiar that a newer release is being offered via the VideoHelp mirror than is available on the official VideoLan or VLC player web pages!

Re: Bogus 0.9.8a release ???

Posted: 05 Dec 2008 02:22
by Arite
Final builds have not been released yet - when they are, they will be posted on the official site:
http://www.videolan.org/

It appears VideoHelp.com got the build from the nightlies site (here). In the meantime try one of j-b's test builds here:
http://people.videolan.org/~jb/0.9.8a/

Arite.

Re: Bogus 0.9.8a release ???

Posted: 05 Dec 2008 02:47
by dlfl
Thanks Arite,

However, I have already downloaded the 0.9.8a version you suggested from j-b (http://people.videolan.org/~jb/0.9.8a/v ... -win32.exe) and find it is actually binary identical to the one hosted by videoHelp.com. It looks like something was wrong with the Windows installer package for that version. The j-b 0.9.8 version (http://people.videolan.org/~jb/0.9.8/vl ... -win32.exe) does install and run OK for me.

Re: Bogus 0.9.8a release ???

Posted: 05 Dec 2008 11:35
by Jean-Baptiste Kempf
Taking test builds and presenting them as final is too bad for you...

Don't take builds OUTSIDE of videolan.org. period.

Re: Bogus 0.9.8a release ???

Posted: 06 Dec 2008 18:26
by glundberg
You owe it to yourselves to do things in the correct order: make the package _THEN_ announce it. If you have not "released" 0.9.8a then you should not have told the world there is a security problem. Putting an announcement like that on the top page of the web site before you are ready to make good on the statement was a stupid thing to do, especially when you claim the update is for a security fix.

If you want your package to succeed in the marketplace you will need to learn a bit more discipline. You should wait until you have the fix packages up before you make the announcement. What I typically do is put the package up for the mirrors at least 72 hours before the announcement goes out.

All you've succeeded in doing with the 0.9.8a announcement is tell the black-hats you have a problem, where they need to look for the attack, and that they have a few days to hack into your users' computers before you'll bother to get around to fixing it.

Do it right next time. In the meantime, you need to put the ~jb package out ASAP.

Re: Bogus 0.9.8a release ???

Posted: 06 Dec 2008 19:11
by ant
Question: How come http://www.videolan.org/security/sa0811.html said to use 0.9.8a when the version is unofficially out?

Re: Bogus 0.9.8a release ???

Posted: 07 Dec 2008 15:15
by Jean-Baptiste Kempf
You owe it to yourselves to do things in the correct order: make the package _THEN_ announce it. If you have not "released" 0.9.8a then you should not have told the world there is a security problem. Putting an announcement like that on the top page of the web site before you are ready to make good on the statement was a stupid thing to do, especially when you claim the update is for a security fix.

If you want your package to succeed in the marketplace you will need to learn a bit more discipline. You should wait until you have the fix packages up before you make the announcement. What I typically do is put the package up for the mirrors at least 72 hours before the announcement goes out.

All you've succeeded in doing with the 0.9.8a announcement is tell the black-hats you have a problem, where they need to look for the attack, and that they have a few days to hack into your users' computers before you'll bother to get around to fixing it.

Do it right next time. In the meantime, you need to put the ~jb package out ASAP.
Seriously, we don't OWE you anything.
If you are so afraid of potential security issues, just follow the advisory and remove the real plugin.