On Tue, 19 Nov 2024 14:03:51 +
Derek Buitenhuis wrote:
> On 11/12/2024 7:55 PM, compn wrote:
> > On Tue, 12 Nov 2024 16:46:42 +
> > Derek Buitenhuis wrote:
> >
> >> On 11/11/2024 7:34 PM, compn wrote:
> >>> one of my goals is to make sure that certain developers, who made
> >>> thei
On 11/12/2024 7:55 PM, compn wrote:
> On Tue, 12 Nov 2024 16:46:42 +
> Derek Buitenhuis wrote:
>
>> On 11/11/2024 7:34 PM, compn wrote:
>>> if your goal is to post old quotes, thats cool.
>>
>> Woosh.
>
> the quotes are from michael in 2015 saying elect a new leader. pretty
> sure we never
On 11/12/2024 7:37 PM, compn wrote:
> concern trolling?
I am pointing out Michael's own logic isn't even consistent with itself.
What is logic *actually* is is that the of course *he* is trustworthy, to
him.
>
> you're concerned about one developer adding in a backdoor, so the
> solution is to
On 11/12/2024 6:41 PM, Rémi Denis-Courmont wrote:
> I don't think that Derek meant that literally. The GA is not a legal entity
> so it can't hold a domain name or a trademark in the first place, or for that
> matter physical servers or hosting service contracts. Just like the bank
> account, th
On Wed, 13 Nov 2024 12:58:40 +0100
Michael Niedermayer wrote:
> So heres the list of people who will have git write access after
> dormant accounts are disabled. All the ones here where active in the
> last 10 years as a committer in FFmpeg. Noone is added, everyone from
> this list had access be
On Wed, Nov 13, 2024 at 12:58:40PM +0100, Michael Niedermayer wrote:
> Hi
>
> On Sun, Nov 10, 2024 at 07:44:11PM +0100, Michael Niedermayer wrote:
> > Hi all
> >
> > On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> > > Hi all
> > >
> > > Should we disable git accounts for d
On Wed, 13 Nov 2024 10:44:29 -1000
compn wrote:
> the server admins know who has access. the access list isnt a public
> document. some developers want it to be a public document.
> i dont particularly care if the list is public or not.
>
> i am curious to know why this is now an important issue,
On 11/13/24 1:15 PM, Michael Niedermayer wrote:
so there are no unlabeled keys, its all there just not in an machiene parsable
list
for example your key addition looks like this:
I see. If everyone who has access is known then I don't see any issue
with disabling push access to accounts tha
Hi,
On Wed, Nov 13, 2024 at 3:45 PM compn wrote:
> people are using XV as an example, sure.
>
(I think you meant xz.)
Ronald
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit
On Wed, 13 Nov 2024 12:29:22 -0500
Leo Izen wrote:
> Yes, clearly, but an issue has come up that apparently we don't know
> who has access to our infrastructure. How do we not know this?
no.
the server admins know who has access. the access list isnt a public
document. some developers want it t
Hi Traneptora
On Wed, Nov 13, 2024 at 12:29:22PM -0500, Leo Izen wrote:
> On 11/9/24 11:18 AM, Michael Niedermayer wrote:
> > Hi all
> >
> > Should we disable git accounts for developers who have not been active since
> > a long time (like 10 years) ?
> >
> > (if these developers come back, the
On 11/9/24 11:18 AM, Michael Niedermayer wrote:
Hi all
Should we disable git accounts for developers who have not been active since
a long time (like 10 years) ?
(if these developers come back, the account would then be enabled again)
but disabling such accounts may improve security (lots of "i
Hi
On Sun, Nov 10, 2024 at 07:44:11PM +0100, Michael Niedermayer wrote:
> Hi all
>
> On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> > Hi all
> >
> > Should we disable git accounts for developers who have not been active since
> > a long time (like 10 years) ?
> >
> > (if
On Wed, 13 Nov 2024, 00:10 Michael Niedermayer,
wrote:
> Hi
>
> On Tue, Nov 12, 2024 at 10:38:09PM +, Kieran Kunhya via ffmpeg-devel
> wrote:
> > On Tue, 12 Nov 2024, 21:03 Michael Niedermayer,
> > wrote:
> >
> > > On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> > > > On
Hi Kyle
On Tue, Nov 12, 2024 at 02:09:25PM -0800, Kyle Swanson wrote:
> Hi,
>
> Should we consult with someone (a professional) outside of FFmpeg to
> assess the situation and provide a set of recommendations? This would
> be money well spent IMO.
I do have a list of ideas from people (not the q
Hi
On Tue, Nov 12, 2024 at 10:38:09PM +, Kieran Kunhya via ffmpeg-devel wrote:
> On Tue, 12 Nov 2024, 21:03 Michael Niedermayer,
> wrote:
>
> > On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> > > On 11/12/2024 5:07 PM, James Almer wrote:
> > > > I personally don't agree w
On Tue, 12 Nov 2024, 21:03 Michael Niedermayer,
wrote:
> On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> > On 11/12/2024 5:07 PM, James Almer wrote:
> > > I personally don't agree with giving the domain/trademark to the
> general
> > > assembly, as some have argued. It's just
On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> On 11/12/2024 5:07 PM, James Almer wrote:
> > I personally don't agree with giving the domain/trademark to the general
> > assembly, as some have argued. It's just not safe at all.
>
> Sorry, I didn't necessarily mean giving it o
Hi,
Should we consult with someone (a professional) outside of FFmpeg to
assess the situation and provide a set of recommendations? This would
be money well spent IMO.
Thanks,
Kyle
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org
On Tue, 12 Nov 2024 16:46:42 +
Derek Buitenhuis wrote:
> On 11/11/2024 7:34 PM, compn wrote:
> > if your goal is to post old quotes, thats cool.
>
> Woosh.
the quotes are from michael in 2015 saying elect a new leader. pretty
sure we never elected one.
feel free to start a vote.
> > on
On Tue, 12 Nov 2024 17:30:57 +
Derek Buitenhuis wrote:
> On 11/12/2024 5:05 PM, James Almer wrote:
> > This is not true. I have write access to the website, for example,
> > as do others. And Michael cuts releases because he was given the
> > task, not because nobody else can or want. And nob
Hi,
Le 12 novembre 2024 19:07:56 GMT+02:00, James Almer a écrit
:
>On 11/12/2024 1:58 PM, Derek Buitenhuis wrote:
>> Answers aren't sufficient or complete, and you purposely avoid giving
>> community
>> power over the ifnrastructure, domains, or trademark. It is solely at your
>> discretion.
>
On 11/12/2024 5:05 PM, James Almer wrote:
> This is not true. I have write access to the website, for example, as do
> others. And Michael cuts releases because he was given the task, not
> because nobody else can or want. And nobody prevents anyone from just
> fetching a git tag instead (Distro
On 11/12/2024 5:07 PM, James Almer wrote:
> I personally don't agree with giving the domain/trademark to the general
> assembly, as some have argued. It's just not safe at all.
Sorry, I didn't necessarily mean giving it ot the GA. I mean having it in a
better state than being held hostage by some
On 11/12/2024 1:58 PM, Derek Buitenhuis wrote:
Answers aren't sufficient or complete, and you purposely avoid giving community
power over the ifnrastructure, domains, or trademark. It is solely at your
discretion.
I personally don't agree with giving the domain/trademark to the general
assemb
On 11/12/2024 1:58 PM, Derek Buitenhuis wrote:
For example, right now, one person (you) has the ability to cut release, modify
the website, sign the tarballs, etc. It's all you. I'm sure that's great in your
mind, as you deem yourself trustworthy. From our end, nothing stops it from
being
xz par
On 11/11/2024 7:34 PM, compn wrote:
> if your goal is to post old quotes, thats cool.
Woosh.
> one of my goals is to make sure that certain developers, who made their
> own project and then ran it into the ground, arent made as admins
> again. they had a good run but couldnt even make an
> announ
On 11/11/2024 7:33 PM, Michael Niedermayer wrote:
>> This only convinces me further that it this whole setup ins't for for
>> purpose,
>> and is being run by people who have no concept of actual security. This is
>> totally insane.
Honestly, this is so exhausting and painful, I dread responding.
On Mon, 11 Nov 2024 18:17:11 +
Kieran Kunhya via ffmpeg-devel wrote:
> On Mon, Nov 11, 2024 at 5:31 PM compn wrote:
> >
> > what is your goal?
> >
> > thanks
> > -compn
>
> Here are some quotes presented without comment:
if your goal is to post old quotes, thats cool.
one of my goals is
Hi
On Mon, Nov 11, 2024 at 05:00:42PM +, Derek Buitenhuis wrote:
> On 11/11/2024 4:42 PM, Michael Niedermayer wrote:
> > Publically listing which developer provides which part of the DNS infra
> > makes it easier to attack not harder.
> > That said, i suspect who provides what was mentioned in
On Mon, Nov 11, 2024 at 5:31 PM compn wrote:
>
> On Mon, 11 Nov 2024 17:00:42 +
> Derek Buitenhuis wrote:
>
> > This only convinces me further that it this whole setup ins't for for
> > purpose, and is being run by people who have no concept of actual
> > security. This is totally insane.
>
>
On Mon, 11 Nov 2024 17:00:42 +
Derek Buitenhuis wrote:
> This only convinces me further that it this whole setup ins't for for
> purpose, and is being run by people who have no concept of actual
> security. This is totally insane.
I think it would be wiser to point to other administration of
On 11/11/2024 4:42 PM, Michael Niedermayer wrote:
> Publically listing which developer provides which part of the DNS infra
> makes it easier to attack not harder.
> That said, i suspect who provides what was mentioned in the past already
It is already publically available info to anyone who can l
Le 11 novembre 2024 18:42:37 GMT+02:00, Michael Niedermayer
a écrit :
>On Mon, Nov 11, 2024 at 10:02:27AM +, Derek Buitenhuis wrote:
>> On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
>> > Its there since a long time:
>> > https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt
On Mon, Nov 11, 2024 at 10:02:27AM +, Derek Buitenhuis wrote:
> On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> > Its there since a long time:
> > https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt
>
> [...]
>
> > If something is missing, its not going to improve on its own
On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> Its there since a long time:
> https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt
[...]
> If something is missing, its not going to improve on its own.
> Someone will have to say _what_ is missing and work toward filling it in.
P
Hi all
On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again)
> but disabling such
On Sun, Nov 10, 2024 at 02:42:18PM +, Derek Buitenhuis wrote:
> On 11/9/2024 6:04 PM, Rémi Denis-Courmont wrote:
> > What most people are concerned about right now is the incomplete
> > documentation
> > of any and all credentials - not just git write access - and more generally
> > the lack
On 11/9/2024 6:04 PM, Rémi Denis-Courmont wrote:
> What most people are concerned about right now is the incomplete
> documentation
> of any and all credentials - not just git write access - and more generally
> the lack of transparency. Once that is sorted out, we can start arguing about
> wha
On Sun, Nov 10, 2024 at 12:18 AM Michael Niedermayer
wrote:
>
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again)
> but disabling such accounts may imp
Le lauantaina 9. marraskuuta 2024, 18.18.08 EET Michael Niedermayer a écrit :
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
Yes but git is probably the least dangerous of credentials to keep stale. A
backdoor getting pus
On 11/9/2024 1:18 PM, Michael Niedermayer wrote:
Hi all
Should we disable git accounts for developers who have not been active since
a long time (like 10 years) ?
(if these developers come back, the account would then be enabled again)
but disabling such accounts may improve security (lots of "
Hi all
Should we disable git accounts for developers who have not been active since
a long time (like 10 years) ?
(if these developers come back, the account would then be enabled again)
but disabling such accounts may improve security (lots of "if" here but
assuming they loose their key, assumin
43 matches
Mail list logo
