[FFmpeg-devel] [PATCH 3/3] avformat: set the default whitelist to disable hls
george at nsup.org
Sun Jun 4 13:46:18 EEST 2017
Le quartidi 14 prairial, an CCXXV, Michael Niedermayer a écrit :
> > Notice a pattern?
> Security issues are found, i post a fix and people complain,
No. The pattern is: you rush to produce a bad fix.
> If you knew a year and a half ago about a security issue and about a
> great solution to it.
> How far is it from completion ?
> does this cover the hls vulnerability we discussed in
> the last 2 days and Can you post a patch ?
I said that WE needed to look for a solution. We, collective.
I, individual, do not have a solution, I only know that one exists
(Perl, Windows, web browsers all have a similar mechanism) and that
"fixing" the individual issues rather than designing a global solution
is a waste of time.
> But the real question still is, how do people prefer us to deal with
> this security issue here?
This one ? Ignore it but take the opportunity to start designingⁿ: a
proper solution would fix it anyway.
If you do anything else, I will not object to you pushing, but only if
you add "--author=Sysiphus" to your git commit command.
More information about the ffmpeg-devel