[FFmpeg-devel] core infrastructure badge for FFmpeg
Ronald S. Bultje
rsbultje at gmail.com
Tue Jul 5 05:59:42 EEST 2016
Hi,
On Mon, Jul 4, 2016 at 9:15 PM, Ganesh Ajjanagadde <gajjanag at mit.edu> wrote:
> 04.07.2016, 15:55, "Ronald S. Bultje" <rsbultje at gmail.com>:
> > Hi,
> >
> > On Mon, Jul 4, 2016 at 3:44 PM, Ganesh Ajjanagadde <gajjanag at mit.edu>
> wrote:
> >
> >> 04.07.2016, 15:36, "Ronald S. Bultje" <rsbultje at gmail.com>:
> >> > Hi,
> >> >
> >> > On Mon, Jul 4, 2016 at 3:29 PM, Ganesh Ajjanagadde <
> gajjanag at mit.edu>
> >> wrote:
> >> >
> >> >> 04.07.2016, 10:33, "Clément Bœsch" <u at pkh.me>:
> >> >> > On Mon, 4 Jul 2016 at 13:41 Ganesh Ajjanagadde <gajjanag at mit.edu
> >
> >> >> wrote:
> >> >> >> Hi,
> >> >> >>
> >> >> >> https://bestpractices.coreinfrastructure.org/.
> >> >> >>
> >> >> >> Thoughts on getting this done for FFmpeg?
> >> >> >
> >> >> > Any thing we need to adjust in the project? I don't see much
> things
> >> to
> >> >> > change by looking at
> >> >> https://bestpractices.coreinfrastructure.org/projects/1
> >> >>
> >> >> I could not either.
> >> >> It was something I noticed a week back, judged low-hanging and of
> some
> >> >> benefit to the project.
> >> >> I thus am willing to do it, provided there are no objections.
> >> >
> >> > I think if any changes are necessary to the website or
> documentation or
> >> > code, these would simply go through the relevant review process,
> right?
> >> Or
> >> > am I missing something?
> >>
> >> True. At the moment, it seems like the relevant forms can be filled in
> >> directly from existing information,
> >> and no changes are necessary.
> >>
> >> I can send a screenshot of the filled out form before submitting if
> people
> >> want.
> >
> > Oh I see, I misunderstood. I personally don't have objections to that.
>
>
> Turns out that the first few pages are easy to fill and we already achieve
> them.
> The last few are much harder, and FFmpeg does not currently meet all of
> them.
>
> Here is the progress so far:
> https://bestpractices.coreinfrastructure.org/projects/235.
>
> I have filled them to the best of my ability.
> Here is a summary of where we fail to meet the criteria,
> and some suggestions for what we could do.
>
[..]
> 4. If the project software is an application or library, and its primary
> purpose is not to implement cryptography,
> then it SHOULD only call on software specifically designed to implement
> cryptographic functions;
> it SHOULD NOT re-implement its own.
> Note: This is one where I am personally interested as to why we fail; is
> it for performance reasons that we reimplement crypto?
> Suggestion: No idea until I understand the above.
>
> 5. The project security mechanisms MUST use default keylengths that at
> least meet the NIST minimum requirements through the year 2030 (as stated
> in 2012).
> Suggestion: add --enable-unsafe-crypt to configure, and by default not
> enable it.
> Change API's and functions accordingly, document it.
> Note: strictly speaking, per the sentence above, it is ok as we do not
> really have "default" keylengths.
> But the extended rationale shows why we fail.
>
> 6. The default project security mechanisms MUST NOT depend on
> cryptographic algorithms that are broken
> (e.g., MD4, MD5, single DES, RC4, or Dual_EC_DRBG).
> Suggestion: same as 5 above.
We don't use any of these for security purposes, we only use them for
checking frame hashes in automated tests. That should be totally fine.
Ronald
More information about the ffmpeg-devel
mailing list