[FFmpeg-devel] [EXTERNAL] Request for Official GitHub Mirror of rtmpdump for Enhanced Security

Javier Matos Denizac javiermat at microsoft.com
Fri Apr 26 02:10:33 EEST 2024


Actually, I noticed that you publish release tarballs -> http://rtmpdump.mplayerhq.hu/download/, but I don’t see a release tarball for 2.4. Would y’all be willing to publish a release for 2.4 and maybe mint and publish a release tarball for 2.6?

As for why SHA-512, we use SHA-512 checksums to verify the integrity of the file and as an identifier for our asset caching mechanism. That way we can identify if we have already downloaded the tarball and avoid downloading it again.

- Javier

On Apr 25, 2024, at 8:38 AM, Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:

[You don't often get email from derek.buitenhuis at gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

On 4/23/2024 10:46 PM, Michael Niedermayer wrote:
Can you elaborate what the problem is ?
I would have thought https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.ffmpeg.org%2Frtmpdump.git&data=05%7C02%7Cjaviermat%40microsoft.com%7Cbbe1b884618b4d02416408dc6524b486%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638496455534699942%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2Bz%2B00fGNCFNTtC24dDlwpDcwcsr87YPxRhusNhBsm5A%3D&reserved=0
is secure

I have to assume he means SHA-256, and not SHA-512.

git apparently supports using SHA-256 instead of SHA-1 hashes,
but support does not seem to be very mainstream. I am not even
sure GitHub supports it (https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Forgs%2Fcommunity%2Fdiscussions%2F12490&data=05%7C02%7Cjaviermat%40microsoft.com%7Cbbe1b884618b4d02416408dc6524b486%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638496455534707598%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=ywZOz2L6tmpAfk%2FoPnGgUlqjH441jGUMPh4TcVFN8KA%3D&reserved=0
seems to indicate not yet).

So either this is vcpkg trying to be vey aggressive in
requiring git features, or there is some clarification neeed.

- Derek
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel at ffmpeg.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fffmpeg.org%2Fmailman%2Flistinfo%2Fffmpeg-devel&data=05%7C02%7Cjaviermat%40microsoft.com%7Cbbe1b884618b4d02416408dc6524b486%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638496455534712191%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=s6m5uKpOetHmePYbl%2BpSOCGGCk6GYoFU4A2cwk%2BpMzQ%3D&reserved=0

To unsubscribe, visit link above, or email
ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".



More information about the ffmpeg-devel mailing list