[FFmpeg-devel] [REQUEST] ffmpeg-security subscription

Paul B Mahol onemda at gmail.com
Tue Aug 13 10:45:51 EEST 2019 

On Mon, Aug 12, 2019 at 6:15 PM Michael Niedermayer <michael at niedermayer.cc>
wrote:

> Hi Paul
>
> On Mon, Aug 05, 2019 at 11:50:04AM +0200, Paul B Mahol wrote:
> > Hi,
> >
> > I here hereby request from lead FFmpeg entity to give me subscription to
> > ffmpeg-security mailing list.
>
> I am not sure who or what a "lead FFmpeg entity" is, But as iam being
> highlighted
> on IRC by you in relation to this, and as iam the most active developer on
> security issues in ffmpeg it would be inpolite from me if i didnt say
> something.
>

You are the only one working on this.


>
> About ffmpeg-security,
> Theres currently no need for more manpower to handle security issues. We
> have
> a backlog of a few days of fuzzing issues only which is shrinking. And no
> other
> issues besides fuzzing issues. (part of the backlog probably was the
> result
> of distractions and some longer review cycles on some patches recently)
> Also all patches are being posted in public so no access is needed for
> reviews.
>

I strongly disagree. And I haven't asked if you need help.


>
> I think many of the complaints from people about some of the patches
> should be
> resolved by the recent addition of thresholds on all pixels decoded. That
> way
> slow video decoders can have their timeout thresholds effectively tuned and
> would no longer require ugly changes which several people did not like.
> That wont eliminate all uglyness but it should reduce it.
>
> PS: also keep in mind that we recently increased coverage of the fuzzers
> this created a spike of new issues, so besides more such spikes from more
> coverage increases the amount of new issues is expected to decrease over
> time
>
> Thanks
>
> [...]
>
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

More information about the ffmpeg-devel mailing list