Le sextidi 16 messidor, an CCXXV, Nicolas George a écrit : > If you change that into "a handful of kilo-octets", then for a project > like FFmpeg (which is not a monster like a Gui toolkit but neither meant > for embedded systems with tiny limits) I agree. > > But "a handful bytes", I consider the added security to be the same > level as stopping people at the entrances of a mall to have a passing > glance at their handbag: pure theater. The wasted time could be more > efficiently be used to other security-related tasks. Reimplementing > FFmpeg in Rust for example.
Forgot to add: since this is really an OS and compiler problem and "you don't have to run faster than the bear to get away, you just have to run faster than the guy next to you", until all other programs that may have to deal with untrusted data is as careful as FFmpeg, enhancing the security here would have little effect anyway. We can sleep on both ears for the time being. Regards, -- Nicolas George
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
