On 9/22/23, Michael Niedermayer <mich...@niedermayer.cc> wrote: > On Fri, Sep 22, 2023 at 11:32:27AM +0200, Paul B Mahol wrote: >> On Fri, Sep 22, 2023 at 11:28 AM Michael Niedermayer >> <mich...@niedermayer.cc> > [...] > >> If you mean real FFmpeg work, than by all means give access to services >> only you have to other >> interesting parties, like security related reports and others. > > what ? > > There are 633 open issues in coverity, every FFmpeg developer can work on. > i remember bringing this number down years ago to something rather small but > now > the statistics dwarf that with the upward trend ... > > if you mean oss-fuzz, there are 18 tickets public about FFmpeg, anyone can > work on these > https://bugs.chromium.org/p/oss-fuzz/issues/list?q=ffmpeg > > and the ffmpeg ossfuzz tickets, go to > ffmpeg-security, 3 people from google, 1 from mozilla, jb > and ffmpeg-security is me, reimar, ce, andreas cadhalpun, ubitux, rodger > combs > > so thats not just me > and a quick count, i think i have 32 open ossfuzz issues in my inbox, > with the 18 subtracted more are public with noone caring about. > if we assume i fix 5 a day, what is that, 4 days of work, to fix the ones > that are > not public. (that doesnt count ossfuzz hiding 12 issues in 62164 but yeah > these ive > already posted fixes for i think) > > Also theres our bug tracker and just the normal compiler warnings > if you want to work on this sort of thing > > where are the developers who want to work on something above but do not > have > access ? > > the only other issue i remember on ffmpeg-security thats not spam and not > ossfuzz > is a XSS issue in the fate server which i believe nicolas is working on. > If someone is interrested in working on the fate server code, please come > forth > the code is in need for a maintainer outside this issue. I just had asked > nicolas > about it because i did not know anyone else who knows perl and be willing > to help look into a not entirely trivial (for me) issue in fate server >
Do not lie, you are working for FFlabs now. > thx > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Everything should be made as simple as possible, but not simpler. > -- Albert Einstein > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
