2017-02-11 11:14 GMT+08:00 Michael Niedermayer <mich...@niedermayer.cc>:
> On Fri, Feb 10, 2017 at 04:43:17PM -0300, James Almer wrote: > > On 2/10/2017 4:03 PM, Michael Niedermayer wrote: > > > Hi community > > > > > > what do you prefer about the ffmpeg-security alias ? > > > in no particular order > > > > > > Should everyone on the alias be listed in MAINTAINERs under a > > > ffmpeg-security point? > > > > I'd say yes. From a transparency PoV, people should know who will > > get access to such reports. > > > > > > > > Should for everyone who is on the alias a reason be listed in > > > MAINTAINERs why (s)he is on the alias ? > > > > IMO, there's no need for this. Read below. > > > > > > > > > Should everyone on the alias have a reason beyond curiousity to be > > > on the alias? (that is a reason that clearly benefits FFmpeg) > > > > Yes, it should be about intending to fix reports and/or review fixes > > made by others. Curiosity alone is not enough at all. > > ok > > We have 938 open bugs on trac > We have 84 open bugs on trac that contain the keyword "regression" > We have 55 open coverity issues > We have 475 patches on patchwork needing some action, either having > their status updated if its wrong or needing review/apply/reject > > someone wanting to review patches can do that > someone wanting to fix issues can do that > > We have no open security issues on the ffmpeg-security alias, we have > no patches that need a review, in fact i think we have had no patch > there this year yet. (not countig ones referenced from ffmpeg-devel) > > So one wanting to review patches or fix issues shouldnt really have > much desire on ffmpeg-security. > > We can add more people to it, but what does that fix? > Shouldnt we rather try to find someone to fix the regressions on trac > or go over the patches on patchwork ? > I saw "连一汉" sometime report some security issue and fixed by Michael. I think we need a ffmpeg-security to report security issue and review patch in it. And i can join to fix it :) > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > The worst form of inequality is to try to make unequal things equal. > -- Aristotle > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
