[FFmpeg-devel] [RFC] Commit tags : security

Luca Barbato lu_zero
Thu Oct 25 21:15:59 CEST 2007


The security people at Gentoo are a bit puzzled about how to handle
security and ffmpeg, mostly because it is relatively hard to figure out
when a fix addresses a security issue or not. So far Michael just puts
"security" in the commit message and that helps a bit.

What they'd like, in order to track better and help evaluate issues, is
to have commits that fix probable issues marked with [sec] or, even
better, if you have an idea about the severity, [sec+{0,1,2,3,4,5}] with
0 meaning "unsure" and 5 meaning high failure.

FFmpeg is quite widely used and giving clues on which revision should be
used as an update is quite important to outside projects.

lu

-- 

Luca Barbato

Gentoo/linux Gentoo/PPC
http://dev.gentoo.org/~lu_zero
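
How a downstream packager could consume the tags proposed in the message above, as an added example that is not part of the original post or of FFmpeg. The function names, the sample log and its revision numbers are constructed, and mapping a bare [sec], the legacy "security" keyword and an out-of-range rating to 0 ("unsure") is an assumption of this sketch.

```python
import re

# Tag forms proposed in the message: [sec] or [sec+N] with N in 0..5.
SEC_TAG = re.compile(r"\[sec(?:\+(\d+))?\]")
# Existing habit the message mentions: the word "security" in the log text.
LEGACY = re.compile(r"\bsecurity\b", re.IGNORECASE)

def classify(message):
    """Return None for an unmarked commit, else a severity 0..5.

    Assumption: a bare [sec], the legacy keyword, and an out-of-range
    rating such as [sec+9] all map to 0, the proposal's "unsure" value.
    """
    ratings = []
    for m in SEC_TAG.finditer(message):
        n = int(m.group(1)) if m.group(1) else 0
        ratings.append(n if n <= 5 else 0)
    if ratings:
        return max(ratings)
    return 0 if LEGACY.search(message) else None

def triage(log, packaged_rev):
    """Split security-marked commits newer than packaged_rev by rating."""
    rated, unsure = [], []
    for rev, msg in log:
        sev = classify(msg)
        if rev <= packaged_rev or sev is None:
            continue
        if sev:
            rated.append((rev, sev))
        else:
            unsure.append(rev)  # needs a human look before deciding
    return rated, unsure

def update_target(log, packaged_rev, min_severity):
    """Newest revision carrying a fix rated >= min_severity, or None."""
    rated, _ = triage(log, packaged_rev)
    hits = [rev for rev, sev in rated if sev >= min_severity]
    return max(hits) if hits else None

# Constructed sample log: (revision, commit message). Not real FFmpeg history.
SAMPLE_LOG = [
    (10801, "Fix typo in documentation"),
    (10802, "[sec+4] Check array index before writing to the frame buffer"),
    (10803, "security: validate chunk size"),
    (10804, "[sec] Avoid reading past the end of the packet"),
    (10805, "[sec+9] Reject negative dimensions"),
    (10806, "[sec+2] Clamp palette index"),
    (10807, "Cosmetics: reindent"),
]
```

Calling `triage(SAMPLE_LOG, packaged_rev)` with the revision a distribution currently ships separates the rated fixes from the ones that still need manual evaluation.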



