[FFmpeg-devel] [PATCH] Add FITS Demuxer
Nicolas George
george at nsup.org
Tue Jul 4 12:43:55 EEST 2017
Le sextidi 16 messidor, an CCXXV, Nicolas George a écrit :
> If you change that into "a handful of kilo-octets", then for a project
> like FFmpeg (which is not a monster like a Gui toolkit but neither meant
> for embedded systems with tiny limits) I agree.
>
> But "a handful bytes", I consider the added security to be the same
> level as stopping people at the entrances of a mall to have a passing
> glance at their handbag: pure theater. The wasted time could be more
> efficiently be used to other security-related tasks. Reimplementing
> FFmpeg in Rust for example.
Forgot to add: since this is really an OS and compiler problem and "you
don't have to run faster than the bear to get away, you just have to run
faster than the guy next to you", until all other programs that may have
to deal with untrusted data is as careful as FFmpeg, enhancing the
security here would have little effect anyway. We can sleep on both
ears for the time being.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170704/3458101d/attachment.sig>
More information about the ffmpeg-devel
mailing list