On Mon, Aug 05, 2019 at 09:03:32PM +0200, Paul B Mahol wrote: > On Mon, Aug 5, 2019 at 8:55 PM Michael Niedermayer <mich...@niedermayer.cc> > wrote: > > > On Mon, Aug 05, 2019 at 05:57:47PM +0200, Paul B Mahol wrote: > > > On Mon, Aug 5, 2019 at 5:45 PM Michael Niedermayer > > <mich...@niedermayer.cc> > > > wrote: > > > > > > > On Mon, Aug 05, 2019 at 05:24:31PM +0200, Paul B Mahol wrote: > > > > > On Mon, Aug 5, 2019 at 5:21 PM Michael Niedermayer > > > > <mich...@niedermayer.cc> > > > > > wrote: > > > > > > > > > > > On Mon, Aug 05, 2019 at 02:44:29AM +0000, Li, Zhong wrote: > > > > > > > > From: ffmpeg-devel [mailto:ffmpeg-devel-boun...@ffmpeg.org] On > > > > Behalf > > > > > > > > Of Michael Niedermayer > > > > > > > > Sent: Monday, August 5, 2019 3:45 AM > > > > > > > > To: FFmpeg development discussions and patches > > > > > > > > <ffmpeg-devel@ffmpeg.org> > > > > > > > > Subject: Re: [FFmpeg-devel] [RFC] samples.ffmpeg.org > > > > > > > > > > > > > > > > On Sun, Aug 04, 2019 at 05:42:14PM +0100, Kieran Kunhya wrote: > > > > > > > > > On Sat, 3 Aug 2019 at 18:35, Michael Niedermayer > > > > > > > > > <mich...@niedermayer.cc> > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > Hi all > > > > > > > > > > > > > > > > > > > > It seems we do not have a list of people volunteering to do > > > > uploads > > > > > > > > > > to samples. And no place to send such requests to except > > here, > > > > > > where > > > > > > > > > > they sometimes get ignored. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Just give everyone with push access right to upload. > > > > > > > > > > > > > > > > Upload currently requires an account on the server, giving > > > > everyone an > > > > > > > > account is a security risk. > > > > > > > > It also doesnt really make sense to give someone access who > > doesnt > > > > need > > > > > > > > access. > > > > > > > > If someone wants to take care of uploads (s)he can have access. > > > > > > > > > > > > > > > > Of course if theres a majority wanting everyone with push > > access to > > > > > > have an > > > > > > > > account on the server, sure we will do that but i dont think > > its a > > > > > > good idea. > > > > > > > > IMHO its always better (aka more secure) if access is kept at a > > > > > > minimum. > > > > > > > > > > > > > > > > besides, it would be a bit of work to keep the list of who has > > push > > > > > > access and > > > > > > > > who has sampeles access synchronized. Its different servers and > > > > > > different > > > > > > > > types of "accounts" > > > > > > > > and the whole point from my point of view is that id like to > > spend > > > > my > > > > > > time on > > > > > > > > other areas on FFmpeg While keeping accounts synchronized > > would be > > > > > > > > probably more work than doing the uploads myself > > > > > > > > > > > > > > > > Thanks > > > > > > > > > > > > > > > > > > > > My suggestions would be: > > > > > > > 1. If there is any volunteer to be fate-samples MAINTAINERS, > > tell him > > > > > > how to apply and update the FATE MAINTAINERS list. > > > > > > > > > > > > Iam not sure if there is someone, but if so (s)he should send an > > email > > > > to > > > > > > root or to ffmpeg-devel (again in case he did long ago already) > > > > > > > > > > > > > > > > You are not sure that you gave someone upload access to fate samples? > > > > > Perhaps you forgot? > > > > > > > > iam not sure if someone volunteered and did not receive access as at a > > > > similar time other people suggested that the existing people with > > access > > > > could handle it and no new uploaders where needed. > > > > > > > > So yeah, short form: i forgot the name from an email months or years > > ago. > > > > > > > > > > > Can you check now who have access? > > > > Yes, > > > > compn > > carl > > reimar > > beastd, > > lou > > ubitux > > paul > > hendrik > > derek, > > james almer > > martin vignali > > thilo > > atomnuker > > peter ross > > > Great. > > Rule 777. of security: do not expose all people which can be used to break > security.
the list was posted previously already and the public MAINTAINERS file provides a more complete superset for any nasty things but sure you have a point. In a open source project theres the tradeoff about openness though and many times the list of people having access to something is available to the public. > > I did not wanted to list all, just to confirm its me on that list. And you asked "do i have access?" ? or "Can you check now who have access?" I mean you know the admin can check that so the litteral form of the 2nd question makes no sense and a reply to that would not have even awnsered what you want to know. as in "yes i can check" doesnt tell you if you have access. I guess the conclusion is your questions are bizare and I should be more careful security wise. More carefullness about security can never hurt Thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB "I am not trying to be anyone's saviour, I'm trying to think about the future and not be sad" - Elon Musk
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
