[FFmpeg-devel] [PATCH 3/3] avformat: set the default whitelist to disable hls

Nicolas George george at nsup.org
Sun Jun 4 13:46:18 EEST 2017


Le quartidi 14 prairial, an CCXXV, Michael Niedermayer a écrit :
> > Notice a pattern?
> yes
> Security issues are found, i post a fix and people complain,

No. The pattern is: you rush to produce a bad fix.

> If you knew a year and a half ago about a security issue and about a
> great solution to it.
> How far is it from completion ?
> does this cover the hls vulnerability we discussed in
> the last 2 days and Can you post a patch ?

I said that WE needed to look for a solution. We, collective.

I, individual, do not have a solution, I only know that one exists
(Perl, Windows, web browsers all have a similar mechanism) and that
"fixing" the individual issues rather than designing a global solution
is a waste of time.

> But the real question still is, how do people prefer us to deal with
> this security issue here?

This one ? Ignore it but take the opportunity to start designingⁿ: a
proper solution would fix it anyway.

If you do anything else, I will not object to you pushing, but only if
you add "--author=Sysiphus" to your git commit command.

Regards,

-- 
  Nicolas George


More information about the ffmpeg-devel mailing list