[FFmpeg-trac] #3905(undetermined:new): HTTPS SSL certificate for source.ffmpeg.org is broken

FFmpeg trac at avcodec.org
Sat Aug 30 13:36:19 CEST 2014

#3905: HTTPS SSL certificate for source.ffmpeg.org is broken
             Reporter:               |                    Owner:
  ahthovaikied                       |                   Status:  new
                 Type:  defect       |                Component:
             Priority:  normal       |  undetermined
              Version:  unspecified  |               Resolution:
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |

Comment (by ahthovaikied):

 Replying to [comment:3 cehoyos]:
 > Isn't the advantage of using https over http that you know the content
 of the transmission was not changed?
 That is only one part of what SSL has to offer when done right: integrity.
 There is also authentication and confidentiality.
 There is no point to guarantee the transmission was not changed, if you
 can not guarantee it is coming from the server you think it is.

 Replying to [comment:3 cehoyos]:
 > You cannot change a git repository without anybody noticing because it
 would change the version hashes.
 That would only be seen if you try to push the compromised repository to a
 non compromised one.
 An attacker could still setup a trivial MITM attack, alter the source code
 (and the hashes), and thus inject malicious code in the FFmpeg binary.

Ticket URL: <https://trac.ffmpeg.org/ticket/3905#comment:4>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list