Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] Democratization work in progress draft v2
Date: Sun, 2 Feb 2025 18:35:08 -0300
Message-ID: <6b268c9f-d488-495b-a093-2a5bb23c6502@gmail.com> (raw)
In-Reply-To: <20250201222703.GU4991@pb2>


[-- Attachment #1.1.1: Type: text/plain, Size: 3791 bytes --]

On 2/1/2025 7:27 PM, Michael Niedermayer wrote:
> Hi James
> 
> On Sat, Feb 01, 2025 at 10:30:21AM -0300, James Almer wrote:
>> On 1/31/2025 9:49 PM, Michael Niedermayer wrote:
> [...]
>>>
>>>
>>>> has worked. Changing it now because one person was unhappy with a CC (That
>>>
>>> This is a false statement. Iam not suggesting a change to the GA because of one CC
>>> iam suggesting a change because it is vulnerable to an attack.
>>>
>>> (The CC isnt even fixed by this, i think the concept of a CC elected out of a
>>> community thats full of mutual hate is a bad idea)
>>>
>>> But back to the topic, what do you suggest to fix the vulerability in the GA ?
>>> Or you dont care?
>>
>> Why do you say there's a vulnerability in the GA?
> 
> The FAQ describes how to exploit it. And i belive others independantly found
> this issue as well.
> 
> 
>> Has it been exploited for
> 
> Given the nature of this vulerability, its very hard to detect it being exploited
> 
> 
>> this to be an issue?
> 
> While active eploitation, certainly makes an issue worse. In general and
> especially when exploitation is not detectable, this is something we cannot wait for
> 
> 
>> Did someone to your knowledge buy a developer to write
>> 20 commits and get them into the GA?
> 
> Lets be carefull here with the words. But the awnser is "yes"
> Many developers have been paid to write commits. employees, contractors, students
> 
> Do i know of someone being asked after that to vote in a specific way ?
> No, how could i know other peoples private communication
> 
> Have people asked me how/if they should vote ?
> Yes, some people did ask.
> 
> In general "few time" outside contributors being payed to do some work dont
> care about the votes, they come, do some work and leave.
> I would expect the random subscriber of 2000 on ffmpeg-devel to care more
> as they follow the list for a long term they care more about the consequences

But what are the chances they'd get into the GA? Few-times outside 
contributors rarely submit more than a couple patches to implement the 
work they were paid for to do. Hardly 20 commits.
And we could always stop asking people to split their patches into 
several different smaller patches (cosmetics, refactoring, etc) to 
reduce the chances of one time contributors from meeting the GA 
requirements.

Looking at the current GA, do you see anyone in it who wrote code for 
their employer, met the requirements, and stopped being active after 
their work was upstreamed?

> 
> 
>> Otherwise, you're making a big deal out
>> of an hypothetical, and that's really damaging to the project.
>>
> 
>> I don't know if you realize, but you're being incredibly disrespectful with
>> almost everyone who has contributed anything in the last decade, treating
>> them as moles trying to bring down the project instead of contributing to
>> its success.
> 
> I would appreciate if you keep this emotional drama out. We need to look
> with a clear head at this. Noone is disrespectful to people using ssh if
> ssh is vulnerable.

It's not emotional drama, it's a fact. By your own admission you 
consider the GA, composed of almost every currently active developer, 
untrustworthy, vulnerable and in need to be scrapped or repurposed, with 
nothing to back that distrust other than hypotheticals about being an 
attack vector. Is that not being disrespectful to the people in it?

A potential "attack" to the GA can be worked around, as exemplified 
above. To request a complete redo of the system, arguments and actual 
events with considerable weight are needed. Otherwise, as i mentioned 
before, it will be perceived as someone asking for changes because they 
are unsatisfied.


[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

  parent reply	other threads:[~2025-02-02 21:35 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-29 20:33 Michael Niedermayer
2025-01-29 21:39 ` Leo Izen
2025-01-29 21:47   ` Nicolas George
2025-01-29 21:48   ` Soft Works
2025-01-30  6:38     ` Vittorio Giovara
2025-01-29 23:43 ` Niklas Haas
2025-01-30 18:04   ` Michael Niedermayer
2025-01-31 14:36     ` Nicolas George
2025-01-31 14:58   ` Nicolas George
2025-01-31 15:44     ` James Almer
2025-01-31 16:01       ` Soft Works
2025-02-02  2:25         ` Leo Izen
2025-02-02  3:37           ` Soft Works
2025-02-02  7:29           ` Vittorio Giovara
2025-02-01  0:49       ` Michael Niedermayer
2025-02-01  6:45         ` Zhao Zhili
2025-02-01 13:21           ` Ronald S. Bultje
2025-02-01 14:30             ` Vittorio Giovara
2025-02-01 14:11           ` Jean-Baptiste Kempf
2025-02-01 14:31             ` Vittorio Giovara
2025-02-02 11:34           ` Michael Niedermayer
2025-02-01 13:30         ` James Almer
2025-02-01 21:53           ` Michael Niedermayer
2025-02-02 18:14             ` James Almer
2025-02-03 18:08               ` Michael Niedermayer
2025-02-03 18:16                 ` Vittorio Giovara
2025-02-03 19:14               ` Michael Niedermayer
2025-02-03 20:45                 ` Nicolas George
2025-02-03  2:29             ` Ronald S. Bultje
2025-02-01 22:27           ` Michael Niedermayer
2025-02-01 22:29             ` Kieran Kunhya via ffmpeg-devel
2025-02-02 21:35             ` James Almer [this message]
2025-01-30  6:41 ` Vittorio Giovara
2025-02-01 20:44 ` Nicolas George
2025-02-02  0:01   ` Michael Niedermayer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6b268c9f-d488-495b-a093-2a5bb23c6502@gmail.com \
    --to=jamrial@gmail.com \
    --cc=ffmpeg-devel@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git