[FFmpeg-devel] [PATCH] [RFC]MAINTAINERS: Add developers who have git write access but are otherwise not listed

compn tempn at mi.rr.com
Sun Nov 27 02:49:59 EET 2016

On Sat, 26 Nov 2016 18:05:52 +0100
Nicolas George <george at nsup.org> wrote:

> Le sextidi 6 frimaire, an CCXXV, compn a écrit :
> > so unlikely that i cannot even imagine the odds.
> Any scientific reason why?

if one wants to be worried about security issues, there are bigger fish
to fry.

for one example, how about any and all patches applied to ffmpeg by
various distros ?


because this is a real threat to our users' security. not some lost
commit key. we should be analyzing all distro patches and making sure
all CVE fixes get applied by distros as well.

our other developer policies help to mitigate any lost/stolen commit
keys anyway. public patch posting and mailing list review, static code
analyzing etc.

has any developer come back from the proverbial "dead" , like say
fabrice, to make a new commit? no. would we take notice if he did? yes
of course. have developers had write access, been hired by large
multinational corporations, stopped developing ffmpeg as a hobby, and
then come back years later to work on ffmpeg as part of their
employment? yes! multiple times.

just my personal opinion. theres really not much difference between
keeping old author accounts or deleting old author accounts from a real
world perspective.

one plan just takes some precious time away from the busy developer.
because he has to make a list, and check it twice, just to find out who
is naughty and who is nice.

he sees when you are active... he sees when you are inactive...

(help, i've had far too much eggnog.)

More information about the ffmpeg-devel mailing list