[FFmpeg-devel] [RFC] Release 6.1

Paul B Mahol onemda at gmail.com
Fri Sep 22 18:27:55 EEST 2023


On 9/22/23, Michael Niedermayer <michael at niedermayer.cc> wrote:
> On Fri, Sep 22, 2023 at 11:32:27AM +0200, Paul B Mahol wrote:
>> On Fri, Sep 22, 2023 at 11:28 AM Michael Niedermayer
>> <michael at niedermayer.cc>
> [...]
>
>> If you mean real FFmpeg work, than by all means give access to services
>> only you have to other
>> interesting parties, like security related reports and others.
>
> what ?
>
> There are 633 open issues in coverity, every FFmpeg developer can work on.
> i remember bringing this number down years ago to something rather small but
> now
> the statistics dwarf that with the upward trend ...
>
> if you mean oss-fuzz, there are 18 tickets public about FFmpeg, anyone can
> work on these
> https://bugs.chromium.org/p/oss-fuzz/issues/list?q=ffmpeg
>
> and the ffmpeg ossfuzz tickets, go to
> ffmpeg-security, 3 people from google, 1 from mozilla, jb
> and ffmpeg-security is me, reimar, ce, andreas cadhalpun, ubitux, rodger
> combs
>
> so thats not just me
> and a quick count, i think i have 32 open ossfuzz issues in my inbox,
> with the 18 subtracted more are public with noone caring about.
> if we assume i fix 5 a day, what is that, 4 days of work, to fix the ones
> that are
> not public. (that doesnt count ossfuzz hiding 12 issues in 62164 but yeah
> these ive
> already posted fixes for i think)
>
> Also theres our bug tracker and just the normal compiler warnings
> if you want to work on this sort of thing
>
> where are the developers who want to work on something above but do not
> have
> access ?
>
> the only other issue i remember on ffmpeg-security thats not spam and not
> ossfuzz
> is a XSS issue in the fate server which i believe nicolas is working on.
> If someone is interrested in working on the fate server code, please come
> forth
> the code is in need for a maintainer outside this issue. I just had asked
> nicolas
> about it because i did not know anyone else who knows perl and be willing
> to help look into a not entirely trivial (for me) issue in fate server
>

Do not lie, you are working for FFlabs now.

> thx
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Everything should be made as simple as possible, but not simpler.
> -- Albert Einstein
>


More information about the ffmpeg-devel mailing list