On Wed, Jan 20, 2016 at 05:06:37PM +0100, Nicolas George wrote: > Le primidi 1er pluviôse, an CCXXIV, Michael Niedermayer a écrit : > > From: Michael Niedermayer <mich...@niedermayer.cc> > > > > This should prevent the unintended use of concat > > I am rather against this patch and the corresponding for subfile: these > protocols are not harmful by themselves, they are dangerous if and only > another protocol or format allows untrusted sources to provide arbitrary > URLs. This kind of preemptive blacklisting is bound to fail (new protocols > are added frequently, and they may be more dangerous than just concat or > subfile) and only mitigates a few of the possible attacks.
it seems some people disagree about this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811519 it would be nice to have this resolved, either by disabling concat by default in releases branches prior to whitelists or this bug report being closed as invalid or whatever the appropriate state is [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB In a rich man's house there is no place to spit but his face. -- Diogenes of Sinope
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
