[FFmpeg-devel] [RFC] dormant git accounts

Derek Buitenhuis derek.buitenhuis at gmail.com
Mon Nov 11 19:00:42 EET 2024


On 11/11/2024 4:42 PM, Michael Niedermayer wrote:
> Publicly listing which developer provides which part of the DNS infra
> makes it easier to attack, not harder.
> That said, I suspect who provides what was mentioned in the past already

It is already publicly available info to anyone who can look up an IP.

> If an attacker doesn't know who provides a server then the attacker can only
> attack the server directly via its name and IP.
> If an attacker knows who owns the server then he can perform a wide
> range of additional attacks. For example,
> impersonating that developer towards the server hoster, or if the attacker
> can figure out the phone number of the developer then SIM swapping becomes
> possible. From that various other accounts can then be taken over, and
> once an attacker is in control of phone and email of someone further
> account compromises become increasingly easy.
> 
> I do not think we would be doing FFmpeg a service or improve security
> by listing everyone's names in a public file. Even if most of this
> probably was said publicly already, having it in one single place
> makes it even easier for an attacker

This only convinces me further that this whole setup isn't fit for purpose,
and is being run by people who have no concept of actual security. This is
totally insane.

- Derek

