[FFmpeg-devel] [RFC] Commit tags : security
Ismail Dönmez
ismail
Thu Oct 25 23:14:25 CEST 2007
Thursday 25 October 2007 Tarihinde 22:15:59 yazm??t?:
> The security people at Gentoo are a bit puzzled about how to handle
> security and ffmpeg, mostly because is relatively hard to figure when a
> fix addresses a security issue or not. So far Michael just puts
> "security" in the commit message and that helps a bit.
>
> What they'd like in order to track better and help evaluating issues is
> to have commit that fix probable issues marked with [sec] or even
> better, if you have an idea about the severity [sec+{0,1,2,3,4,5}] with
> 0 meaning "unsure" and 5 meaning high failure.
>
> FFmpeg is quite widely used and giving clues on which revision should be
> used as update is quite important to outside projects.
I would like a ffmpeg-packagers@ mailing list which is private to FFmpeg
packagers, then security issue could be pre-notified so that we can do
releases after commit is fixed to SVN.
I am asking too much maybe? :)
--
Faith is believing what you know isn't so -- Mark Twain
More information about the ffmpeg-devel
mailing list