On 2/9/2017 10:24 AM, Kieran Kunhya wrote:
>>
>> I don't think we should give access to ffmpeg-security to everyone who
>> wants to be on the list. This is of course something the community
>> has to decide and not me, I am just erring on the safe side and am very
>> restrictive on who is added.
>>
>
> This is a bogus argument considering how many people have commit access and
> can commit whatever.
>
> Kieran

There's a big difference between git commit access, where bad or rogue commits can be easily undone, and access to the security email address, where 0 day exploits and full steps to reproduce may be available. You and wm4 should IMO be ok to be in it, but we really need to set some limits and requirements and not offer access like candy as we have been doing with git, otherwise the joke about running ffmpeg behind three layers of sandboxing will become an actually tempting idea to anyone wanting to use it from now on.