On Sat, Feb 11, 2017 at 11:57:31AM +0800, Steven Liu wrote: > 2017-02-11 11:14 GMT+08:00 Michael Niedermayer <mich...@niedermayer.cc>: > > > On Fri, Feb 10, 2017 at 04:43:17PM -0300, James Almer wrote: > > > On 2/10/2017 4:03 PM, Michael Niedermayer wrote: > > > > Hi community > > > > > > > > what do you prefer about the ffmpeg-security alias ? > > > > in no particular order > > > > > > > > Should everyone on the alias be listed in MAINTAINERs under a > > > > ffmpeg-security point? > > > > > > I'd say yes. From a transparency PoV, people should know who will > > > get access to such reports. > > > > > > > > > > > Should for everyone who is on the alias a reason be listed in > > > > MAINTAINERs why (s)he is on the alias ? > > > > > > IMO, there's no need for this. Read below. > > > > > > > > > > > > > Should everyone on the alias have a reason beyond curiousity to be > > > > on the alias? (that is a reason that clearly benefits FFmpeg) > > > > > > Yes, it should be about intending to fix reports and/or review fixes > > > made by others. Curiosity alone is not enough at all. > > > > ok > > > > We have 938 open bugs on trac > > We have 84 open bugs on trac that contain the keyword "regression" > > We have 55 open coverity issues > > We have 475 patches on patchwork needing some action, either having > > their status updated if its wrong or needing review/apply/reject > > > > someone wanting to review patches can do that > > someone wanting to fix issues can do that > > > > We have no open security issues on the ffmpeg-security alias, we have > > no patches that need a review, in fact i think we have had no patch > > there this year yet. (not countig ones referenced from ffmpeg-devel) > > > > So one wanting to review patches or fix issues shouldnt really have > > much desire on ffmpeg-security. > > > > We can add more people to it, but what does that fix? > > Shouldnt we rather try to find someone to fix the regressions on trac > > or go over the patches on patchwork ? > > > I saw "连一汉" sometime report some security issue and fixed by Michael. > I think we need a ffmpeg-security to report security issue and review patch > in it. > And i can join to fix it :)
sounds like you have alot of time did you see the 36 issues about hls on trac: ? https://trac.ffmpeg.org/query?status=new&status=open&status=reopened&keywords=~hls&col=id&col=summary&col=status&col=type&col=priority&col=component&col=version&order=priority [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If you fake or manipulate statistics in a paper in physics you will never get a job again. If you fake or manipulate statistics in a paper in medicin you will get a job for life at the pharma industry.
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
