[FFmpeg-devel] root access voting

Michael Niedermayer michael at niedermayer.cc
Sat Nov 2 13:34:30 EET 2024 

Hi

At teh current videolan developer days there where several surprise votes on FFmpegs
infractructure. And to the best of my knowledge no remote participation
and no recording.

So let me try to reply to the idea of the general assembly choosing who has
root access.

We have seen a raise of increasingly sophisticated attacks in recent times.
For example thx xz backdoor, where the maintainer was pressured by many people
to add jia tan as maintainer who then eventually added a sophisticated hidden
backdoor. Compromising xz and ssh. (Which almost was not even detected)

We have seen batteries being exchanged by explosives by the mosad injuring
members of a terrorist organization and probably a few innocent people.
You may agree with fighting terror but do you agree with explosives,
in maybe the phone someone of your familiy bought on ebay ?

Just yesterday, lottie-player was replaced by a compromised version.
Stealing peoples money.

Our GA is build of everyone who has
"authored more than 20 patches in the last 36 months in the main FFmpeg repository"

This is a very low bar for an attacker. Even if we did KYC (which i think
we should not) hiring 50 people to each write 20 patches is very doable even
for a small company or heck even a single individual could do this.
Let alone, a state actor.

What this means, and i think this is obvious to everyone,
is the GA cannot control critical infractructure access or things
that allow attacks by state actors.
Thats besides the root admins should generally be professional admins and not
"popular politicans". Which is ultimately what a popular vote produces.
Also the root team has to get along with each other and trust each other,
obviously.
And last, where is that professional admin who wants to do work and who has
no root access ?
I have to the best of my knowledge given every professional admin we have
on the FFmpeg team, who needed root access, root access.
Yes i would not give root access to people who are involved in every 2nd flamewar
or who i totally do not get along.
Or if the request comes in a strange context, ...
But does the GA want to override that ?
You think that would improve things ?

Please lets not turn root access into a harris vs trump style democracy

If theres a professional, trusted, admin and there work that needs to be done
and (s)he has time, ability and will to do that work, nothing strange,
and noone says they dont get along with him/her.
I have and will give them root access.
if thats not the case
I dont think people would want me to give them root access.

thx

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20241102/eac7e5f3/attachment.sig>

More information about the ffmpeg-devel mailing list