[FFmpeg-devel] [RFC] dormant git accounts
compn
ff at hawaiiantel.net
Wed Nov 13 22:44:29 EET 2024
On Wed, 13 Nov 2024 12:29:22 -0500
Leo Izen <leo.izen at gmail.com> wrote:
> Yes, clearly, but an issue has come up that apparently we don't know
> who has access to our infrastructure. How do we not know this?
no.
the server admins know who has access. the access list isnt a public
document. some developers want it to be a public document.
i dont particularly care if the list is public or not.
i am curious to know why this is now an important issue, though.
people are using XV as an example, sure. but XV is not ffmpeg.
although i guess a distro could always tie ffmpeg and ssh into systemd
because they have no brains.
backdoors get installed in software all the time. and hardware.
to prevent an XV type backdoor in the future, separate source code from
binary testfiles in all open source projects. its difficult to hide an
exploit like that in source code, but much easier when you can throw a
big binary blob in the repo.
-compn
More information about the ffmpeg-devel
mailing list