Hi

On Sun, Feb 23, 2025 at 06:49:23PM +0200, Rémi Denis-Courmont wrote:
> Le sunnuntaina 23. helmikuuta 2025, 11.12.36 UTC+2 Michael Niedermayer a écrit 
> :
> > On Sun, Feb 23, 2025 at 09:56:35AM +0100, Michael Niedermayer wrote:
> > > I suggest
> > > 1. if you fix a security issue or apply a security fix, make sure it is
> > > backported to all supported releases
> > > 2. if you see a CVE # thats not on the security page, mail ffmpeg-security
> > > 3. If you see issues on trac that seem important, please make sure they
> > > are fixed and backported, having someone like carl who knew and maintained
> > > all issues would be quite usefull
> > 
> > 4. Someone should cross check
> > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ffmpeg and our security
> > page and backported fixes and backport missing fixes and fix unfixed
> > issues.
> 
> I find these suggestions very agreeable... as long as someone else is 
> responsible. Luckily, I am not on ffmpeg-security, so I have a rock-solid 
> excuse.

ffmpeg-security is a mail alias
security reports are sent there and forwarded/delegated to the right expert
in the team. (unless they can be fixed at the spot)

Security is the responsibility of the whole Team

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No snowflake in an avalanche ever feels responsible. -- Voltaire