overreacting (was: Re: [MPlayer-dev-eng] uau - svn account removal)

Uoti Urpala uoti.urpala at pp1.inet.fi
Mon Feb 26 03:03:26 CET 2007


On Mon, 2007-02-26 at 01:26 +0100, Michael Niedermayer wrote:
> if such changes are tolerated mplayer will soon be a trojanized application
> as noone can or will review such changes for malicious code

You're seriously using the chance that I might intentionally add
vulnerabilities as a reason?

Even if I for some reason wanted to have vulnerabilities in MPlayer
there are 2 problems with your argument:
1) If I really wanted to add vulnerabilities you would not spot them
from commit logs whatever the formatting (if you were capable of that
you'd spot every unintentional one)
2) I'm pretty sure I could find at least one existing vulnerability
(created by someone else) with the effort I've spent on the changes, and
thus would know a vulnerability that would in no way be connected to me.

> please diego, go and debug some bug before telling the developers
> what is clean and accpetable and what is not, for example i have 2 h.264

I don't know about Diego, but I have debugged quite a lot of bugs and I
can tell you what is clean and acceptable and what is not.

> streams which dont decode correctly anymore, ill debug this by
> doing a binary search in svn as the alternative is 10 times more
> work (and iam speaking from experience here and iam not exagerating)
> if now my binary search would end on a 200k change i would have a
> problem ...

What is the probability that 1) my commit triggers a bug, and 2) doing
the commit differently would have saved more time debugging than it took
extra time during commit? Answer: certainly below 5%, most likely below
1%. (And yes I am speaking from experience here.)




More information about the MPlayer-dev-eng mailing list