On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> Its there since a long time:
> https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt

[...]

> If something is missing, its not going to improve on its own.
> Someone will have to say _what_ is missing and work toward filling it in.

Pretty hard to list infra you don't know exists.

For example, I only recently noticed ffmpeg.org goes through avcodec.org DNS:

ns1.avcodec.org - telepoint.bg
ns2.avcodec.org - KIFU (Government Info Tech Development Agency)
ns3.avcodec.org - CDLAN SpA

Who owns avcodec.org? Who runs these DNS servers? Who has access? Who has 
contacts?

It's a supply chain attack risk - you could hijack ffmpeg.org per IP or Geo.

And this is just one example.

- Derek
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to