[MPlayer-dev-eng] [PATCH] Do not read codecs.conf files by default
Michael Niedermayer
michaelni at gmx.at
Wed Jan 17 19:13:29 CET 2007
Hi
On Wed, Jan 17, 2007 at 04:24:56PM +0100, Diego Biurrun wrote:
[...]
> > > The "security" argument cuts both ways. You could slip somebody a
> > > codecs.conf file to make them vulnerable ...
> >
> > people who would install a random unchecked config file will also install
> > a random .bashrc so this argument is meaningless
> >
> >
> > > > iam fine with a hard failure but blindly ignoring a config file and
> > > > doing something else then whats written in the file is IMO not ok
> > >
> > > I think we're having a semantic misunderstanding here.
> > >
> > > A configuration file is a file a program reads to get information and
> > > adjust parameters according to that information. Should I commit my
> > > patch codecs.conf will simply stop being a configuration file. So it's
> > > not "blindly ignored".
> >
> > it doesnt matter why the users condecs.conf is not read anymore, what
> > matters is that the user is not aware of the change which could lead
> > to security issues
>
> I maintain that this is an esoteric example. The change would of course
> be mentioned in the release notes. If somebody is paranoid enough to fear
> codecs.conf files, reading release notes can be expected.
i maintain that i am VERY STRONGLY against ignoring an installed codecs.conf
and no i wont participate in this disscussion any further as theres no sense
in it, the suggested change puts users at risk and that fact has not been
disputed by any of the arguments
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Republics decline into democracies and democracies degenerate into
despotisms. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20070117/e0ee03dc/attachment.pgp>
More information about the MPlayer-dev-eng
mailing list