lör 2024-11-02 klockan 12:34 +0100 skrev Michael Niedermayer: > Hi > > At teh current videolan developer days there where several surprise votes on > FFmpegs > infractructure. And to the best of my knowledge no remote participation > and no recording. > > So let me try to reply to the idea of the general assembly choosing who has > root access. > > We have seen a raise of increasingly sophisticated attacks in recent times. > For example thx xz backdoor, where the maintainer was pressured by many people > to add jia tan as maintainer who then eventually added a sophisticated hidden > backdoor. Compromising xz and ssh. (Which almost was not even detected) > > We have seen batteries being exchanged by explosives by the mosad injuring > members of a terrorist organization and probably a few innocent people. > You may agree with fighting terror but do you agree with explosives, > in maybe the phone someone of your familiy bought on ebay ? > > Just yesterday, lottie-player was replaced by a compromised version. > Stealing peoples money. > > Our GA is build of everyone who has > "authored more than 20 patches in the last 36 months in the main FFmpeg > repository" > > This is a very low bar for an attacker. Even if we did KYC (which i think > we should not) hiring 50 people to each write 20 patches is very doable even > for a small company or heck even a single individual could do this. > Let alone, a state actor.
As someone living in a country with a well-developed culture of non- profit organizations (föreningar), it's absolutely fascinating to see these kinds of discussions pop up on this list again and again I've been meaning to critique the idea that commits should be the membership criterion. It's biased towards those who write lots of patches rather than say being active on trac or reading specs or running infra or any other activities useful to the project Hostile takeover is a concern for any organization. One way to prevent it is that each new member is vetted by the existing membership. There is already a rule for this where the GA can decide on new members, which sounds decent enough to me (minus the vote part). Another is to institute dues. In some sense the commit criteria is a form of dues, only payable by those with a certain set of skills. It doesn't select for the things that are important in an organization. Oh and face-to-face meetings are very important to well-functioning orgs > What this means, and i think this is obvious to everyone, > is the GA cannot control critical infractructure access or things > that allow attacks by state actors. > Thats besides the root admins should generally be professional admins and not > "popular politicans". Which is ultimately what a popular vote produces. If you have to hold a vote on these things then you've already failed. Doubly so if you feel the need to hold a secret vote, as have been done multiple times in this project > Also the root team has to get along with each other and trust each other, > obviously. > And last, where is that professional admin who wants to do work and who has > no root access ? > I have to the best of my knowledge given every professional admin we have > on the FFmpeg team, who needed root access, root access. > Yes i would not give root access to people who are involved in every 2nd > flamewar > or who i totally do not get along. > Or if the request comes in a strange context, ... > But does the GA want to override that ? > You think that would improve things ? > > Please lets not turn root access into a harris vs trump style democracy > > If theres a professional, trusted, admin and there work that needs to be done > and (s)he has time, ability and will to do that work, nothing strange, > and noone says they dont get along with him/her. > I have and will give them root access. > if thats not the case > I dont think people would want me to give them root access. This sounds like a low bus factor issue. Democratic oversight is important. The struggle for democracy is an endless one /Tomas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
