[FFmpeg-devel] root access voting

[Rémi Denis-Courmont]

Hi,

Le 2 novembre 2024 20:34:30 GMT+09:00, Michael Niedermayer <michael at niedermayer.cc> a écrit :
>At teh current videolan developer days there where several surprise votes on FFmpegs
>infractructure.

There were obviously no formal votes on anything since no GA meetings were held. To be honest, you are being awfully misleading and disparaging of the VDD (and it's not the first time) and its attendees, including a lot of community members.

> And to the best of my knowledge no remote participation
>and no recording.

Again, there were only informal discussions in the first place. You can't expect that other members of a community won't meet and hold face-to-face meetings, as Anton already pointed out beforehand. And FWIW notes were taken. Presumably you got the info from those notes...

>So let me try to reply to the idea of the general assembly choosing who has
>root access.

The same argument was brought during the meeting.

>We have seen a raise of increasingly sophisticated attacks in recent times.
>For example thx xz backdoor, where the maintainer was pressured by many people
>to add jia tan as maintainer who then eventually added a sophisticated hidden
>backdoor. Compromising xz and ssh. (Which almost was not even detected)
>
>We have seen batteries being exchanged by explosives by the mosad injuring
>members of a terrorist organization and probably a few innocent people.
>You may agree with fighting terror but do you agree with explosives,
>in maybe the phone someone of your familiy bought on ebay ?

Comparing FFmpeg developers or their relatives with members of the Hezbollah is not a very effective way to convey your point

>Our GA is build of everyone who has
>"authored more than 20 patches in the last 36 months in the main FFmpeg repository"

Then have them designated by the TC and/or the CC. If even a sovereign state tries to take over the GA to take over the committees, we will notice and have plenty of time to expose it. If that doesn't work, we'll still have time to fork.

Either way, that's way better than current state where effectively unknown or former mplayer (not even FFmpeg) developers are the admins, and single person fallible subjectivity (yours) decides who gets or doesn't to be admin.

>Thats besides the root admins should generally be professional admins and not
>"popular politicans".

You have blocked Josh and Marvin, neither of whom strike me as popular politicians (sorry, no offence intended). They're not JB, Ronald or Kieran (again, no offence intended).

>Also the root team has to get along with each other and trust each other,
>obviously.

How do you trust the ghost mplayer/FFmpeg people? How do you trust the Bulgarian hosting company? It doesn't help that Bulgaria is statistically the most corrupt country in the EU.

Germany, Austria or Switzerland seem a lot more trustworthy places to host than Bulgaria. How do you even trust the physical access to hosting? Did you visit and see the servers? Otherwise your point about trusting admins is completely moot, plain and simple.

>And last, where is that professional admin who wants to do work and who has
>no root access ?

Marvin?