[MPlayer-dev-eng] mplayer & DSA 1244-1
Ivan Kalvachev
ikalvachev at gmail.com
Fri Dec 29 23:33:27 CET 2006
2006/12/29, Uoti Urpala <uoti.urpala at pp1.inet.fi>:
> On Fri, 2006-12-29 at 23:09 +0200, Ivan Kalvachev wrote:
> > Next time first read
> > http://www.mplayerhq.hu/DOCS/HTML/en/bugreports_security.html
>
> The xine-lib vulnerability was published already, so posting that
> privately first wouldn't help. That MPlayer has similar affected code
> might not be obvious though.
I haven't criticized him for sending mail here. Why are you implying it?
Sending mail to security@ is recommended because it is very-low
volume, compared to
high volume mplayer-dev list. Also, security@ does NOT require
subscription for sending mails.
When sending patch in -dev the mail must contain [PATCH].
Adding [SECURITY] or [ADVISORY] to the subject would bring developers
attention.
(Once there was a security report with subject like "MPlayer remote
control" send to mplayer-users, it wasn't about lirc (linux infrared
remote control).
Person that maintains MPlayer package must at learn how to properly
contact developers.
More information about the MPlayer-dev-eng
mailing list