[FFmpeg-devel] [RFC] Commit tags : security

Ismail Dönmez ismail
Thu Oct 25 23:14:25 CEST 2007


Written on Thursday 25 October 2007 at 22:15:59:
> The security people at Gentoo are a bit puzzled about how to handle
> security and ffmpeg, mostly because it is relatively hard to figure out when a
> fix addresses a security issue or not. So far Michael just puts
> "security" in the commit message and that helps a bit.
>
> What they'd like in order to track better and help evaluating issues is
> to have commits that fix probable issues marked with [sec] or even
> better, if you have an idea about the severity [sec+{0,1,2,3,4,5}] with
> 0 meaning "unsure" and 5 meaning high failure.
>
> FFmpeg is quite widely used and giving clues on which revision should be
> used as update is quite important to outside projects.

I would like an ffmpeg-packagers@ mailing list which is private to FFmpeg
packagers, then security issues could be pre-notified so that we can do
releases after commit is fixed to SVN.

I am asking too much maybe? :)

-- 
Faith is believing what you know isn't so -- Mark Twain
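
Added example, not part of the original message and not FFmpeg or Gentoo tooling: one way a packager could scan commit messages for the [sec] / [sec+N] tags proposed in the quoted text, falling back to the "security" keyword the thread says is already used. The function names, the review policy and the sample log are assumptions made for illustration.

```python
import re

# Tag forms proposed in the quoted message: [sec] or [sec+N] with N in 0..5,
# 0 meaning "unsure" and 5 meaning "high failure".
SEC_TAG = re.compile(r"\[sec(?:\+(\d+))?\]")
# Existing practice mentioned in the thread: "security" in the commit message.
SEC_WORD = re.compile(r"\bsecurity\b", re.IGNORECASE)


def classify(message):
    """Return (is_security, severity); severity is None when not usable."""
    tags = SEC_TAG.findall(message)
    if tags:
        # An out-of-range number (e.g. [sec+7]) still marks the commit as
        # security relevant, but its severity is treated as unknown.
        levels = [int(t) for t in tags if t and 0 <= int(t) <= 5]
        return True, (max(levels) if levels else None)
    if SEC_WORD.search(message):
        return True, None
    return False, None


def revisions_to_backport(log, min_severity=1):
    """Select security commits from (revision, message) pairs.

    Assumed policy: unknown severity (bare [sec], [sec+0], malformed level,
    keyword only) is flagged for manual review instead of being dropped.
    """
    selected = []
    for rev, msg in log:
        is_sec, sev = classify(msg)
        if not is_sec:
            continue
        needs_review = sev is None or sev == 0
        if needs_review or sev >= min_severity:
            selected.append((rev, sev, needs_review))
    return selected


# Constructed sample log; revision numbers and messages are made up.
SAMPLE_LOG = [
    (1001, "[sec+4] check array index before write in example decoder"),
    (1002, "cosmetics: reindent"),
    (1003, "[sec] fix possible overflow"),
    (1004, "Fix crash, security relevant"),
    (1005, "[sec+0] maybe exploitable, not sure"),
    (1006, "[sec+7] level outside the proposed range"),
    (1007, "[sec+2] minor read past end"),
]
```
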



