[FFmpeg-devel] [REQUEST] ffmpeg-security subscription

Reimar Döffinger Reimar.Doeffinger at gmx.de
Fri Aug 16 05:18:20 EEST 2019


On 15.08.2019, at 13:15, Vittorio Giovara <vittorio.giovara at gmail.com> wrote:
>  if you use ffmpeg in your $dayjob, being notified of security problem
> in ffmpeg, and acting upon it before the fix lands in the tree, may be
> crucial.

I realize I only responded to this specific part only in the context of this discussion.
Which might give the wrong impression.
I'd LOVE for someone to come up with documentation and criteria and then create and managing a mailing
list of important and trusted USERS (which might overlap with developers, but I'd expect it to be more people in admin/deployment positions, or DevOps or such), similarly to what the Linux kernel has.
And a guideline for when it would be used.
I would expect anyone handling security issues would make an effort to have that list involved as appropriate and be happy to have a way to give a heads-up to critical users (correct me if I'm wrong on that).
But it would need one or more volunteers to do the work.


More information about the ffmpeg-devel mailing list