On Sat, 26 Nov 2016 18:05:52 +0100 Nicolas George <geo...@nsup.org> wrote:
> Le sextidi 6 frimaire, an CCXXV, compn a écrit : > > so unlikely that i cannot even imagine the odds. > > Any scientific reason why? if one wants to be worried about security issues, there are bigger fish to fry. for one example, how about any and all patches applied to ffmpeg by various distros ? https://lists.debian.org/debian-security-announce/2008/msg00152.html because this is a real threat to our users' security. not some lost commit key. we should be analyzing all distro patches and making sure all CVE fixes get applied by distros as well. our other developer policies help to mitigate any lost/stolen commit keys anyway. public patch posting and mailing list review, static code analyzing etc. has any developer come back from the proverbial "dead" , like say fabrice, to make a new commit? no. would we take notice if he did? yes of course. have developers had write access, been hired by large multinational corporations, stopped developing ffmpeg as a hobby, and then come back years later to work on ffmpeg as part of their employment? yes! multiple times. just my personal opinion. theres really not much difference between keeping old author accounts or deleting old author accounts from a real world perspective. one plan just takes some precious time away from the busy developer. because he has to make a list, and check it twice, just to find out who is naughty and who is nice. he sees when you are active... he sees when you are inactive... -compn (help, i've had far too much eggnog.) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
