Re: [FFmpeg-devel] Democratization work in progress draft v2

[Michael Niedermayer <michael@niedermayer.cc>]

[-- Attachment #1.1: Type: text/plain, Size: 2672 bytes --]

Hi James

On Sat, Feb 01, 2025 at 10:30:21AM -0300, James Almer wrote:
> On 1/31/2025 9:49 PM, Michael Niedermayer wrote:
[...]
> >
> > 
> > > has worked. Changing it now because one person was unhappy with a CC (That
> > 
> > This is a false statement. Iam not suggesting a change to the GA because of one CC
> > iam suggesting a change because it is vulnerable to an attack.
> > 
> > (The CC isnt even fixed by this, i think the concept of a CC elected out of a
> > community thats full of mutual hate is a bad idea)
> > 
> > But back to the topic, what do you suggest to fix the vulerability in the GA ?
> > Or you dont care?
> 
> Why do you say there's a vulnerability in the GA?

The FAQ describes how to exploit it. And i belive others independantly found
this issue as well.


> Has it been exploited for

Given the nature of this vulerability, its very hard to detect it being exploited


> this to be an issue?

While active eploitation, certainly makes an issue worse. In general and
especially when exploitation is not detectable, this is something we cannot wait for


> Did someone to your knowledge buy a developer to write
> 20 commits and get them into the GA?

Lets be carefull here with the words. But the awnser is "yes"
Many developers have been paid to write commits. employees, contractors, students

Do i know of someone being asked after that to vote in a specific way ?
No, how could i know other peoples private communication

Have people asked me how/if they should vote ?
Yes, some people did ask.

In general "few time" outside contributors being payed to do some work dont
care about the votes, they come, do some work and leave.
I would expect the random subscriber of 2000 on ffmpeg-devel to care more
as they follow the list for a long term they care more about the consequences


> Otherwise, you're making a big deal out
> of an hypothetical, and that's really damaging to the project.
> 

> I don't know if you realize, but you're being incredibly disrespectful with
> almost everyone who has contributed anything in the last decade, treating
> them as moles trying to bring down the project instead of contributing to
> its success.

I would appreciate if you keep this emotional drama out. We need to look
with a clear head at this. Noone is disrespectful to people using ssh if
ssh is vulnerable.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".