On Fri, Sep 22, 2023 at 11:32:27AM +0200, Paul B Mahol wrote: > On Fri, Sep 22, 2023 at 11:28 AM Michael Niedermayer <mich...@niedermayer.cc> [...]
> If you mean real FFmpeg work, than by all means give access to services > only you have to other > interesting parties, like security related reports and others. what ? There are 633 open issues in coverity, every FFmpeg developer can work on. i remember bringing this number down years ago to something rather small but now the statistics dwarf that with the upward trend ... if you mean oss-fuzz, there are 18 tickets public about FFmpeg, anyone can work on these https://bugs.chromium.org/p/oss-fuzz/issues/list?q=ffmpeg and the ffmpeg ossfuzz tickets, go to ffmpeg-security, 3 people from google, 1 from mozilla, jb and ffmpeg-security is me, reimar, ce, andreas cadhalpun, ubitux, rodger combs so thats not just me and a quick count, i think i have 32 open ossfuzz issues in my inbox, with the 18 subtracted more are public with noone caring about. if we assume i fix 5 a day, what is that, 4 days of work, to fix the ones that are not public. (that doesnt count ossfuzz hiding 12 issues in 62164 but yeah these ive already posted fixes for i think) Also theres our bug tracker and just the normal compiler warnings if you want to work on this sort of thing where are the developers who want to work on something above but do not have access ? the only other issue i remember on ffmpeg-security thats not spam and not ossfuzz is a XSS issue in the fate server which i believe nicolas is working on. If someone is interrested in working on the fate server code, please come forth the code is in need for a maintainer outside this issue. I just had asked nicolas about it because i did not know anyone else who knows perl and be willing to help look into a not entirely trivial (for me) issue in fate server thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Everything should be made as simple as possible, but not simpler. -- Albert Einstein
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
