[FFmpeg-devel] [RFC] Release 6.1

Michael Niedermayer michael at niedermayer.cc
Fri Sep 22 17:49:30 EEST 2023


On Fri, Sep 22, 2023 at 11:32:27AM +0200, Paul B Mahol wrote:
> On Fri, Sep 22, 2023 at 11:28 AM Michael Niedermayer <michael at niedermayer.cc>
[...]

> If you mean real FFmpeg work, than by all means give access to services
> only you have to other
> interesting parties, like security related reports and others.

what ?

There are 633 open issues in coverity, every FFmpeg developer can work on.
i remember bringing this number down years ago to something rather small but now
the statistics dwarf that with the upward trend ...

if you mean oss-fuzz, there are 18 tickets public about FFmpeg, anyone can work on these
https://bugs.chromium.org/p/oss-fuzz/issues/list?q=ffmpeg

and the ffmpeg ossfuzz tickets, go to
ffmpeg-security, 3 people from google, 1 from mozilla, jb
and ffmpeg-security is me, reimar, ce, andreas cadhalpun, ubitux, rodger combs

so thats not just me
and a quick count, i think i have 32 open ossfuzz issues in my inbox,
with the 18 subtracted more are public with noone caring about.
if we assume i fix 5 a day, what is that, 4 days of work, to fix the ones that are
not public. (that doesnt count ossfuzz hiding 12 issues in 62164 but yeah these ive
already posted fixes for i think)

Also theres our bug tracker and just the normal compiler warnings
if you want to work on this sort of thing

where are the developers who want to work on something above but do not have
access ?

the only other issue i remember on ffmpeg-security thats not spam and not ossfuzz
is a XSS issue in the fate server which i believe nicolas is working on.
If someone is interrested in working on the fate server code, please come forth
the code is in need for a maintainer outside this issue. I just had asked nicolas
about it because i did not know anyone else who knows perl and be willing
to help look into a not entirely trivial (for me) issue in fate server

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20230922/8a8e2a22/attachment.sig>


More information about the ffmpeg-devel mailing list