Ganesh Ajjanagadde <gajjanag <at> mit.edu> writes:

> > No question, it would be better if tests would be added quicker ...
> > I do not doubt this, but at the moment we do not enforce it.
> Do you see any trouble in enforcing this requirement from
> major release to next major release?

I am against adding such a "hard" requirement.
I believe we have filters that are impossible / very difficult to test.

[...]

> >> 17. There MUST be no unpatched vulnerabilities of
> >> medium or high severity that have been publicly
> >> known for more than 60 days.
> >> Do we guarantee this?

(What is "medium or high severity"? I only remember now that
concat protocol was "low" and that we fixed it after a few days.)

I am sorry if I completely misunderstand this sentence but I am
100% sure we do not guarantee that we fix future vulnerabilities
within a given time. (on the contrary, see our license)
Additionally, I suspect there is no open source project that
can guarantee this.

In case I do understand the above sentence correctly, I believe
we should not try to apply (read "phony").

Carl Eugen
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel