[rtmpdump] add support for PolarSSL-1.3.x to rtmpdump

Eugene Rudoy gene.devel at gmail.com
Fri May 30 18:00:34 CEST 2014


Hi Julian,

First of all, there are at least two branches not affected by any (known)
security vulnerability anymore (see
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05,
it's actually the same advisory you pointed to in your mail from
May 2nd). So it does make sense to support multiple versions of
PolarSSL.

As to supporting vulnerable versions: you're absolutely right, I also
consider it to be much better behaviour if compiling would fail if
a vulnerable version is used. But "adding support for another main
version" and "dropping support for all vulnerable versions" are two
different topics for me and thus should not be mixed up in the same
commit. I won't have much time in the next days to do it myself, so feel free
to provide a patch dropping support for all vulnerable versions.

Best,
Gene

On Fri, May 30, 2014 at 1:51 PM, hasufell <hasufell at gentoo.org> wrote:
> With that patch, you support vulnerable versions of polarssl.
>
> Upstream developers should never rely on distributors to fix this. The
> code should not compile with any known vulnerable version.
> _______________________________________________
> rtmpdump mailing list
> rtmpdump at mplayerhq.hu
> https://lists.mplayerhq.hu/mailman/listinfo/rtmpdump
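
The compile-time refusal discussed in this thread, as an added example in C (not part of the original mails and not rtmpdump's code): the build stops with `#error` when the PolarSSL release is below a per-branch floor, and unlisted branches are rejected too. The two floor values and the choice of the 1.2 and 1.3 branches are placeholders assumed for illustration; the real values have to come from the advisory linked above.

```c
#include <stdio.h>

/* PolarSSL's <polarssl/version.h> encodes a release as 0xMMNNPP00 in
 * POLARSSL_VERSION_NUMBER. The fallback below is a constructed sample (1.3.7)
 * so that this file compiles without the header being included. */
#ifndef POLARSSL_VERSION_NUMBER
#define POLARSSL_VERSION_NUMBER 0x01030700UL
#endif

/* PLACEHOLDER floors, constructed for this example. Replace each one with the
 * first release of that branch that the advisory lists as fixed. */
#define FLOOR_BRANCH_1_2 0x01020500UL
#define FLOOR_BRANCH_1_3 0x01030200UL

/* Major and minor bytes identify the branch; the patch byte is masked off. */
#define BRANCH_OF(v) ((v) & 0xFFFF0000UL)

/* A version passes only if it sits in a listed branch AND is at or above that
 * branch's floor. Any other branch fails closed (assumption of this example:
 * an unreviewed branch is treated like a vulnerable one). */
#define VERSION_IS_FIXED(v) \
    ((BRANCH_OF(v) == BRANCH_OF(FLOOR_BRANCH_1_2) && (v) >= FLOOR_BRANCH_1_2) || \
     (BRANCH_OF(v) == BRANCH_OF(FLOOR_BRANCH_1_3) && (v) >= FLOOR_BRANCH_1_3))

/* The guard itself: a vulnerable or unknown version stops the build here. */
#if !VERSION_IS_FIXED(POLARSSL_VERSION_NUMBER)
#error "PolarSSL version is below the patched floor for its branch"
#endif

/* Same predicate as a function, so the rule can be checked for other values. */
int version_is_fixed(unsigned long v)
{
    return VERSION_IS_FIXED(v);
}

int main(void)
{
    /* Constructed sample versions: two above a floor, two below, one unlisted. */
    const unsigned long samples[] = {
        0x01030700UL, 0x01030100UL, 0x01020500UL, 0x01020400UL, 0x01010400UL
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08lX -> %s\n", samples[i],
               version_is_fixed(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```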

