On Wed, 13 Nov 2024 12:29:22 -0500 Leo Izen <leo.i...@gmail.com> wrote:
> Yes, clearly, but an issue has come up that apparently we don't know > who has access to our infrastructure. How do we not know this? no. the server admins know who has access. the access list isnt a public document. some developers want it to be a public document. i dont particularly care if the list is public or not. i am curious to know why this is now an important issue, though. people are using XV as an example, sure. but XV is not ffmpeg. although i guess a distro could always tie ffmpeg and ssh into systemd because they have no brains. backdoors get installed in software all the time. and hardware. to prevent an XV type backdoor in the future, separate source code from binary testfiles in all open source projects. its difficult to hide an exploit like that in source code, but much easier when you can throw a big binary blob in the repo. -compn _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".