From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 2B8124B6BA for ; Tue, 11 Jun 2024 15:46:27 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 51F1168D868; Tue, 11 Jun 2024 18:46:25 +0300 (EEST) Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5424E68D679 for ; Tue, 11 Jun 2024 18:46:19 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id 6F06740005 for ; Tue, 11 Jun 2024 15:46:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1718120778; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=yV/ciR0jAf0Smm0u7NBlox1LYnYj/8gOqQXPPs+0ECU=; b=hMBBV6+vw03yOO6ZrryjOielslFphY6PFL3KEsOtH7et4K4M8sSIm6M8eSGcSQWafP315+ whTtMlDx6uho3hCBu4YdBgR/WFb2VSzNxObsQFVwdLTpc7Bxz7YoMBDDdIL2AhD8jvTAp0 c4pXXsPHahJK3NStmef1mG8rt5X55EG0OskbNc9ngmAuiW5NYVAYmUvzxWqYa/gfbBDN5D 1uYvXUtw7ao5D+pEK9GO09fsL5Fa4Zaenl2OkX9pAKM8nfHXNdfeVY14eWXEYwIdQcGJWh 9WCCXecmu441xpRyLKUFjJfHKcSzRFPUJa+heQqy/diCUaNY79yF5b+J4JT5dQ== Date: Tue, 11 Jun 2024 17:46:17 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20240611154617.GK2821752@pb2> References: <20240513233816.GL6420@pb2> <20240608160143.GW2821752@pb2> <20240609220419.GZ2821752@pb2> <10ec29d6-debe-4f4e-8eb0-4b62103fb554@rothenpieler.org> MIME-Version: 1.0 In-Reply-To: X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] [WIP] False positives on Coverity X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============4933086332386836009==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============4933086332386836009== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="uglrMb9l+pHSuG/B" Content-Disposition: inline --uglrMb9l+pHSuG/B Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 10, 2024 at 02:45:14PM +0200, Vittorio Giovara wrote: > On Mon, Jun 10, 2024 at 2:41=E2=80=AFPM Timo Rothenpieler > wrote: >=20 > > > In either case, my point is that email is not a good system for these > > > reports, because they cannot be tracked nor analyzed, and if they do > > pose a > > > security risk they shouldn't be advertised so openly. Having a small > > bounty > > > with STM funds would probably be a more efficient way at fixing them = than > > > asking people to take a look at them on the ML. > > > > I'm not sure what you mean. > > E-Mail is not the primary system for these reports. > > >=20 > I'm referring to Micheal's email with the list of latest reports. >=20 > They're just notifications about new stuff, with a rough summary of each > > issue, if there aren't too many. > > The primary way to track and handle them is via their website. > > >=20 > Again, the one that not everybody has access to, despite being available. coverity was and is accessable to every FFmpeg developer who needs&wants ac= cess > If there is any actual interest in fixing them I'm saying we should make > them more visible and more accessible, that's all. They are accessable to every FFmpeg developer who needs and wants access and they are vissible as coverity sends out emails whenever new issues are dete= cted > If they are mostly false > positives, then why are we even talking about them? I have no idea why people talk about them, what i know, is that iam posting the list of false positives to the ML because we agreed to post that list h= ere as part of the deliverables for the souvereign tech fund Thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If the United States is serious about tackling the national security threat= s=20 related to an insecure 5G network, it needs to rethink the extent to which = it values corporate profits and government espionage over security.-Bruce Schn= eier --uglrMb9l+pHSuG/B Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZmhxPgAKCRBhHseHBAsP q4BgAJ9YdTxTONP7CLwL+6caELcpy41J+wCeLVQwxx6vNJlyOSvA7xDHutoWpHQ= =pLpY -----END PGP SIGNATURE----- --uglrMb9l+pHSuG/B-- --===============4933086332386836009== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============4933086332386836009==--