
Re: Bug#729203: [FFmpeg-devel] Reintroducing FFmpeg to Debian



Russ Allbery <rra@debian.org> writes:

> Is upstream aware that this is a really bad track record and trying to
> do something proactive to increase the quality of the code, like
> comprehensive auditing, or proactive rewrites to use more secure coding
> practices such as some of the work that the LibreSSL team has been
> doing?

Ah, I should have Googled my own question.

http://googleonlinesecurity.blogspot.com/2014/01/ffmpeg-and-thousand-fixes.html

Well, that's... better than nothing.  It's certainly part of an overall
strategy, although that number of issues still indicates to me that there
are style and architecture issues here that could benefit from more
proactive design work.  I could be wrong, having not looked at the code
personally -- maybe the problem space is just really hard.  But that seems
like quite a lot of errors.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

