From: Derek Buitenhuis <derek.buitenhuis@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [EXTERNAL] Request for Official GitHub Mirror of rtmpdump for Enhanced Security
Date: Fri, 26 Apr 2024 01:02:14 +0100
Message-ID: <67c33ee5-2ecf-414e-b26d-cf3758a897b9@gmail.com> (raw)
In-Reply-To: <D71AB210-ED70-45E3-8BE2-9771345D6C03@microsoft.com>
Hi,
Replies inline.
On 4/26/2024 12:10 AM, Javier Matos Denizac via ffmpeg-devel wrote:
> Actually, I noticed that you publish release tarballs -> http://rtmpdump.mplayerhq.hu/download/, but I don’t see a release tarball for 2.4. Would y’all be willing to publish a release for 2.4 and maybe mint and publish a release tarball for 2.6?
As far as I can tell, the rtmpdump author has, move away from tarballs
and only uses git tags, now, as per https://rtmpdump.mplayerhq.hu/, which
itself seems outdated.
You may have better luck contacting its main contributor (Howard Chu), on
rtmpdump's own mailing list (https://lists.mplayerhq.hu/mailman/listinfo/rtmpdump)
or directly. FFmpeg only provides infrastructure for it, to my knowledge.
> As for why SHA-512, we use SHA-512 checksums to verify the integrity of the file and as an identifier for our asset caching mechanism. That way we can identify if we have already downloaded the tarball and avoid downloading it again.
It was unclear you were talking about tarballs as you only referred to GitHub and
the FFmpeg-run git server...
That said, I am unsure why git is not considered secure / verifiable enough, compared
to a tarball. I would actually argue the opposite is true for autogenerated tarballs
like GitHub provides.
- Derek
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
prev parent reply other threads:[~2024-04-26 0:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-23 19:04 [FFmpeg-devel] " Javier Matos Denizac via ffmpeg-devel
2024-04-23 21:46 ` Michael Niedermayer
2024-04-25 12:38 ` Derek Buitenhuis
2024-04-25 23:10 ` [FFmpeg-devel] [EXTERNAL] " Javier Matos Denizac via ffmpeg-devel
2024-04-26 0:02 ` Derek Buitenhuis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67c33ee5-2ecf-414e-b26d-cf3758a897b9@gmail.com \
--to=derek.buitenhuis@gmail.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git