On Wed, Jul 23, 2025 at 06:43:51PM +0200, Dimitry Andric wrote: > On 23 Jul 2025, at 18:27, Michael Niedermayer wrote: > > > > On Wed, Jul 23, 2025 at 03:45:28PM +0200, Timo Rothenpieler wrote: > >> On 23/07/2025 13:43, Michael Niedermayer wrote: > >>> Hi everyone > >>> > >>> I intend to create the release/8.0 branch in the next 1-2 weeks > >>> after that i intend to make teh 8.0 release in the following 1-2 weeks > >>> > >>> If theres something you want in it make sure its pushed before the branch > >>> is made. > >> > >> Would it be sensible to enable tls verify by default with 8.0? > >> Or would that have to go through a longer "deprecation" period? > >> > >> We've just added proper verification support to openssl, schannel and other > >> backends already had it. > >> It's just default-disabled for some reason. > >> IMO it'd make sense to turn it on by default, it has surprised me and other > >> people in the past that FFmpeg does not verify TLS certificates in any way > >> by default. > > > > Is there some disadvantage ? > > > > if not i would suggest to enable it > > As long as there is a command line option to disable checking, it should > be a good default. > There are many sites out there with badly configured > certificates, or self-signed ones, which would no longer work, otherwise. the fix for this is to check crt.sh example: https://crt.sh/?q=ffmpeg.org and if there are or where correct certificates, reject the self signed one otherwise allow self signed by default with a warning thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Everything should be made as simple as possible, but not simpler. -- Albert Einstein