[MPlayer-dev-eng] mplayer & DSA 1244-1

Uoti Urpala uoti.urpala at pp1.inet.fi
Fri Dec 29 23:46:55 CET 2006


On Sat, 2006-12-30 at 00:33 +0200, Ivan Kalvachev wrote:
> 2006/12/29, Uoti Urpala <uoti.urpala at pp1.inet.fi>:
> > On Fri, 2006-12-29 at 23:09 +0200, Ivan Kalvachev wrote:
> > > Next time first read
> > > http://www.mplayerhq.hu/DOCS/HTML/en/bugreports_security.html
> >
> > The xine-lib vulnerability was published already, so posting that
> > privately first wouldn't help. That MPlayer has similar affected code
> > might not be obvious though.
> 
> I haven't criticized him for sending mail here. Why are you implying it?

That's what I thought you were criticizing him for.

> Sending mail to security@ is recommended because it is very-low
> volume, compared to
> high volume mplayer-dev list. Also, security@ does NOT require
> subscription for sending mails.
> 
> When sending patch in -dev the mail must contain [PATCH].
> Adding [SECURITY] or [ADVISORY] to the subject would bring developers
> attention.

Currently it's fairly low volume and to me the "DSA 1244-1" part already
implied it might be security-related. I can see how that might not be
obvious to everyone though. Anyway for those reasons I didn't see much
wrong with the mail content when reading it, and so implicitly assumed
you were criticizing him because of the list choice.




More information about the MPlayer-dev-eng mailing list