[FFmpeg-devel] [RFC] ffmpeg security
michael at niedermayer.cc
Sat Feb 11 05:14:31 EET 2017
On Fri, Feb 10, 2017 at 04:43:17PM -0300, James Almer wrote:
> On 2/10/2017 4:03 PM, Michael Niedermayer wrote:
> > Hi community
> > what do you prefer about the ffmpeg-security alias ?
> > in no particular order
> > Should everyone on the alias be listed in MAINTAINERs under a
> > ffmpeg-security point?
> I'd say yes. From a transparency PoV, people should know who will
> get access to such reports.
> > Should for everyone who is on the alias a reason be listed in
> > MAINTAINERs why (s)he is on the alias ?
> IMO, there's no need for this. Read below.
> > Should everyone on the alias have a reason beyond curiousity to be
> > on the alias? (that is a reason that clearly benefits FFmpeg)
> Yes, it should be about intending to fix reports and/or review fixes
> made by others. Curiosity alone is not enough at all.
We have 938 open bugs on trac
We have 84 open bugs on trac that contain the keyword "regression"
We have 55 open coverity issues
We have 475 patches on patchwork needing some action, either having
their status updated if its wrong or needing review/apply/reject
someone wanting to review patches can do that
someone wanting to fix issues can do that
We have no open security issues on the ffmpeg-security alias, we have
no patches that need a review, in fact i think we have had no patch
there this year yet. (not countig ones referenced from ffmpeg-devel)
So one wanting to review patches or fix issues shouldnt really have
much desire on ffmpeg-security.
We can add more people to it, but what does that fix?
Shouldnt we rather try to find someone to fix the regressions on trac
or go over the patches on patchwork ?
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The worst form of inequality is to try to make unequal things equal.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: Digital signature
More information about the ffmpeg-devel