On 15.08.2019, at 13:15, Vittorio Giovara <vittorio.giov...@gmail.com> wrote: > if you use ffmpeg in your $dayjob, being notified of security problem > in ffmpeg, and acting upon it before the fix lands in the tree, may be > crucial.
I realize I only responded to this specific part only in the context of this discussion. Which might give the wrong impression. I'd LOVE for someone to come up with documentation and criteria and then create and managing a mailing list of important and trusted USERS (which might overlap with developers, but I'd expect it to be more people in admin/deployment positions, or DevOps or such), similarly to what the Linux kernel has. And a guideline for when it would be used. I would expect anyone handling security issues would make an effort to have that list involved as appropriate and be happy to have a way to give a heads-up to critical users (correct me if I'm wrong on that). But it would need one or more volunteers to do the work. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
