[FFmpeg-devel] [RFC] dormant git accounts
Derek Buitenhuis
derek.buitenhuis at gmail.com
Mon Nov 11 12:02:27 EET 2024
On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> Its there since a long time:
> https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt
[...]
> If something is missing, its not going to improve on its own.
> Someone will have to say _what_ is missing and work toward filling it in.
Pretty hard to list infra you don't know exists.
For example, I only recently noticed ffmpeg.org goes through avcodec.org DNS:
ns1.avcodec.org - telepoint.bg
ns2.avcodec.org - KIFU (Government Info Tech Development Agency)
ns3.avcodec.org - CDLAN SpA
Who owns avcodec.org? Who runs these DNS servers? Who has access? Who has contacts?
It's a supply chain attack risk - you could hijack ffmpeg.org per IP or Geo.
And this is just one example.
- Derek
More information about the ffmpeg-devel
mailing list