Hi

On Sun, Feb 02, 2025 at 03:14:58PM -0300, James Almer wrote:
> On 2/1/2025 6:53 PM, Michael Niedermayer wrote:
> > Hi James
> > 
> > On Sat, Feb 01, 2025 at 10:30:21AM -0300, James Almer wrote:
> > > On 1/31/2025 9:49 PM, Michael Niedermayer wrote:
[...]
> , the text points this out in a mocking/ironic way.
> > If you want me to reword this in a dry formal way, i can submit such a patch?
> > 
> > If not, how do you suggest we move forward here ?
> > We can replace the GA by a system that is not vulnerable
> 
> I ask again, do you have any reason other than an hypothetical scenario to
> think the GA is vulnerable?

Isnt every vulnerability that was reported to us a "hypothetical" scenario ?


> Or can you mention a point during the last five
> years where any such a vulnerability was taken advantage of?

Lets assume we have 2 projects in one the vulnerability was taken advantage of
while in the other it was not.

How would you tell them apart ?

in both these universes 11 people join over the course of a year

In one universe these are all just random new developers. In the other they
are payed to gain vote power and control.

If you list their names from both of these universes, you will notice a
shocking detail
in both universes, its the same people, just in one they where payed and
in the other they joined for their own reasons.

I hope you see that we cannot detect this
Then how would "not detecting" this, mean anything ?

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.