On Wed, Jan 27, 2016 at 02:04:06PM +0100, Michael Niedermayer wrote: > On Sun, Jan 24, 2016 at 07:39:18PM +0100, Nicolas George wrote: > > Le quintidi 5 pluviôse, an CCXXIV, Michael Niedermayer a écrit : [...] > > > > > another problem of the struct is that depending on from which lib > > > the protocols are set the same protocol may have unequal pointers > > > > > > which system do people prefer ? > > > do we have a volunteer to implement a struct based system ? > > > > > > do people want the string based solution to be applied till then > > > or to not have this security feature until then ? > > > > Do we want a good fix, or do we want a quick fix? As I explained earlier, a > > good fix requires designing a real security policy, not just a stupid > > whitelist. It will take time. > > a fix, good or not that isnt implemented is useless > > I am not really attracted to the design you suggest, to me its worse > in several ways but above all its alot more work. So I dont volunteer
to elaborate and avoid misuderstanding redesigning Codec, Format and Protocol registration does make sense iam not against that at all but iam not motivated to implement that, its alot of work and it feels alot more limited if used as the only way to whitelist things instead of a seperate whitelist. For example the string could easily be extended to support specific chains of protocols like "https->tls->tcp" so that the user is not allowed to directly pass tcp/tls urls but only https and https itself then is only allowed to access tls, ... [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB In fact, the RIAA has been known to suggest that students drop out of college or go to community college in order to be able to afford settlements. -- The RIAA
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
