[FFmpeg-devel] [RFC] Commit tags : security

Ismail Dönmez ismail
Fri Oct 26 17:14:11 CEST 2007


Friday 26 October 2007 Tarihinde 04:59:38 yazm??t?:
> if you are asking for a mailing list where security issues and their fixes
> could be discussed and people could post found security issues that would
> be fine
>
> but if you are asking us to delay commiting fixes to secholes to svn so
> that you can prepare some fixed package this is completely out of question
>
> it would increase the security of ffmpeg packages in distros
> at the expense of the security of ffmpeg svn
> it would also significantly delay not only the point where a security fix
> is made public in svn but also when it is made available from distros
> having it public earlier forces distros to work faster :)

1-day early notice would do fine imho. :) But just CC'in the list for security 
issue after or before commiting would be fine too.

Also we could share our distro patches in that mailing list.

Regards,
ismail

-- 
Faith is believing what you know isn't so -- Mark Twain




More information about the ffmpeg-devel mailing list