[FFmpeg-devel] FYI: wine patchbot software

Michael Niedermayer michaelni
Thu Jun 4 18:46:12 CEST 2009


On Thu, Jun 04, 2009 at 05:39:25PM +0100, Måns Rullgård wrote:
> Martin Lindhe <martin at startwars.org> writes:
> 
> > Hello, I just wanted to let you all know that the Wine project has
> > produced a "patch bot" software.
> >
> > The concept is simple:
> >
> > * A script pulls patches sent to wine devel list, applies to TRUNK,
> > compiles & performs regression tests
> 
> That is security suicide.  What if someone sends a patch that makes it
> do something really nasty?

The thing could have a delay of 24h between patch submission and test.

Anyway, what motive would there be in an attack?
It would be noticed quickly, cause some work (restoring from backup)
but beyond that if the code is running in a properly isolated box,
physical or virtualized, it really seems like work with little
gain except the publicity of having done it.
Hell, one could even run the stuff on a ramdisk and otherwise read-only
virtualized system that only can send mail to a second virtualized
system that then checks that the mail is passing various checks before
forwarding it on the ML ...

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Asymptotically faster algorithms should always be preferred if you have
asymptotical amounts of data
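
The second system described above, the one that checks the sandbox's mail before forwarding it to the ML, could apply checks like the following. This is an added example, not code from the thread or from the Wine patchbot; the addresses, size cap, subject format and header allowlist are all assumptions.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses

# Assumed values, not from the thread: addresses, size cap, subject format.
BOT_ADDR = "patchbot@sandbox.example"
LIST_ADDR = "devel@lists.example"
MAX_BYTES = 64 * 1024
SUBJECT_RE = re.compile(r"\[patchbot\] (PASS|FAIL): [\w .:/-]{1,120}")
ALLOWED_HEADERS = {"from", "to", "subject", "date", "message-id",
                   "mime-version", "content-type", "content-transfer-encoding"}

def check_report(raw: bytes) -> list[str]:
    """Return the reasons to drop a report; an empty list means forward it."""
    if len(raw) > MAX_BYTES:
        return ["message larger than cap"]
    msg = message_from_bytes(raw, policy=policy.default)
    problems = []
    if msg.defects:
        problems.append("malformed message")
    # Anything outside the allowlist (Cc, Bcc, Reply-To, ...) is rejected.
    extra = {k.lower() for k in msg.keys()} - ALLOWED_HEADERS
    if extra:
        problems.append("unexpected headers: " + ", ".join(sorted(extra)))
    for name, want in (("From", BOT_ADDR), ("To", LIST_ADDR)):
        addrs = [a for _, a in getaddresses(msg.get_all(name, []))]
        if addrs != [want]:
            problems.append(f"{name} is not exactly {want}")
    if not SUBJECT_RE.fullmatch(str(msg.get("Subject", ""))):
        problems.append("subject not in report format")
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return problems + ["not a single text/plain part"]
    try:
        body = msg.get_content()
    except LookupError:
        return problems + ["unknown charset"]
    if any(ord(c) < 32 and c not in "\n\r\t" for c in body):
        problems.append("control characters in body")
    return problems

# Constructed samples (not real traffic).
_HDR = (b"From: patchbot@sandbox.example\r\nTo: devel@lists.example\r\n"
        b"Subject: [patchbot] PASS: patch 0001\r\nMIME-Version: 1.0\r\n")
GOOD = _HDR + b"Content-Type: text/plain; charset=utf-8\r\n\r\nbuild ok\r\n"
BAD = (_HDR + b"Cc: someone@elsewhere.example\r\n"
       b"Content-Type: multipart/mixed; boundary=b\r\n\r\n"
       b"--b\r\nContent-Type: application/octet-stream\r\n\r\nxx\r\n--b--\r\n")
```

The relay forwards only when `check_report` returns an empty list, so a compromised sandbox can at most send a well-formed plain-text report to the one fixed recipient.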