[FFmpeg-devel] FFmpegs future and resigning as leader

tim nicholson nichot20 at yahoo.com
Tue Aug 4 10:01:00 CEST 2015


On 03/08/15 20:43, Michael Niedermayer wrote:
> On Mon, Aug 03, 2015 at 08:51:10AM +0100, tim nicholson wrote:
>> On 31/07/15 17:19, Michael Niedermayer wrote:
>>> On Fri, Jul 31, 2015 at 05:37:12PM +0200, Clément Bœsch wrote:
>>> [...]
>>>> So in order for the community to continue this, I'd say we probably need
>>>> to have some help for:
>>>>
>>>> - guidelines on the merge strategies
>>>> - step-by-step on the release process
>>>
>>>> - some overview on the sysadmin state (like, what happens with the recent
>>>>   server offers?)
>>>
>>> i accepted the 2 offers which noone objected against (on the ML),
>>> so FFmpeg should
>>> get 2 boxes that things can be moved to and which should be dependable
>>> it does need volunteers doing the work.
>>> Maybe lou, beastd, tim nich, roberto and you would be willing to help
>>> move things to them
>>
>> I am up for assisting where I can, but August is going to be mainly
>> holiday for me ;)
>>
>>
>>> it was discussed to move things into virtual machines (qemu) for
>>> higher security, isolation and ease of future moving.
>>
> 
>> If we go kvm etc, prebuilding a base image beforehand that can then be
>> forked for postfix/Apache/trak etc would be useful.
> 
> yes
> 
> 
>>
>> In fact there are some pre-built images already for some things, e.g
>>
> 
>> https://www.turnkeylinux.org/issue-tracking?page=1
> 
> has these been build by someone who knows about security ?
> or would it require a security audit to ensure no auth stuff /session
> keys / host keys / prng state / whatever is carried over from the
> public image ?
> 

>From a quick look they seem to know what they are doing. On first run it
behaves somewhat like the end of an install process first boot, so each
instance is different with regenerated keys. When I tried 2 separate
instances from scrach I confirmed they had different host keys. I didn't
go deeper than that at the time. Obviously prng integrity is important
and would need checking.

> [...]


-- 
Tim.
Key Fingerprint 38CF DB09 3ED0 F607 8B67 6CED 0C0B FC44 8B0B FC83


More information about the ffmpeg-devel mailing list