Hi Paul On Mon, Aug 05, 2019 at 11:50:04AM +0200, Paul B Mahol wrote: > Hi, > > I here hereby request from lead FFmpeg entity to give me subscription to > ffmpeg-security mailing list.
I am not sure who or what a "lead FFmpeg entity" is, But as iam being highlighted on IRC by you in relation to this, and as iam the most active developer on security issues in ffmpeg it would be inpolite from me if i didnt say something. About ffmpeg-security, Theres currently no need for more manpower to handle security issues. We have a backlog of a few days of fuzzing issues only which is shrinking. And no other issues besides fuzzing issues. (part of the backlog probably was the result of distractions and some longer review cycles on some patches recently) Also all patches are being posted in public so no access is needed for reviews. I think many of the complaints from people about some of the patches should be resolved by the recent addition of thresholds on all pixels decoded. That way slow video decoders can have their timeout thresholds effectively tuned and would no longer require ugly changes which several people did not like. That wont eliminate all uglyness but it should reduce it. PS: also keep in mind that we recently increased coverage of the fuzzers this created a spike of new issues, so besides more such spikes from more coverage increases the amount of new issues is expected to decrease over time Thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
