Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
From: Soft Works <softworkz-at-hotmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [RFC] Experiment: enable github pull requests
Date: Thu, 13 Feb 2025 00:40:04 +0000
Message-ID: <DM8P223MB0365E3FF08EC0D447C9562B2BAFF2@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <CABWZ6OSOiuSjsWL54EkDP06aAB+NXi7pLZN1Y9MC4+-ZPX8N_A@mail.gmail.com>



> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> Romain Beauxis
> Sent: Donnerstag, 13. Februar 2025 01:25
> To: FFmpeg development discussions and patches <ffmpeg-
> devel@ffmpeg.org>
> Subject: Re: [FFmpeg-devel] [RFC] Experiment: enable github pull requests
> 
> Le mer. 12 févr. 2025 à 18:17, Soft Works
> <softworkz-at-hotmail.com@ffmpeg.org> a écrit :
> >
> >
> >
> > > -----Original Message-----
> > > From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> Timo
> > > Rothenpieler
> > > Sent: Donnerstag, 13. Februar 2025 00:34
> > > To: ffmpeg-devel@ffmpeg.org
> > > Subject: Re: [FFmpeg-devel] [RFC] Experiment: enable github pull requests
> > >
> > > On 13.02.2025 00:07, Soft Works wrote:
> > > >
> > > >> -----Original Message-----
> > > >> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> > > Timo
> > > >> Rothenpieler
> > > >> Sent: Mittwoch, 12. Februar 2025 22:33
> > > >> To: ffmpeg-devel@ffmpeg.org
> > > >> Subject: Re: [FFmpeg-devel] [RFC] Experiment: enable github pull
> requests
> > > >>
> > > >> On 12.02.2025 22:22, Stephen Hutchinson wrote:
> > > >>> Are all accounts restricted to owning a maximum of 0 repositories by
> > > >>> default, or is it set to 0 only for those that sign up through one of
> > > >>> the external logins?
> > > >>
> > > >> It's set to 0 by default, to avoid spammers uploading junk, or just
> > > >> people (ab)using it for non-ffmpeg things.
> > > >>
> > > >> You can open issues and comment on existing PRs.
> > > >> And also create PRs using the AGit workflow:
> > > >> https://forgejo.org/docs/latest/user/agit-support/
> > > >
> > > > For those who are too lazy to look it up:
> > > >
> > > > The "Agit workflow" requires you to use non-standard Git "push-
> options"
> > > > (either -o or --push-options):
> > > >
> > > > git push origin HEAD:refs/for/master -o topic="topic-branch" \
> > > >    -o title="Title of the PR" \
> > > >    -o description="# The PR Description
> > > > This can be **any** markdown content.\n
> > > > - [x] Ok"
> > > >
> > > > This means essentially that our attempt to move away from the e-mail-
> based
> > > submission procedure to something easy and user-friendly, would end up
> in
> > > replacing the current rarely-known mechanism with another even more
> rare
> > > and obscure procedure which would (again) force everybody to use the Git
> > > command line because it's (again) not supported by any tooling except Git
> CLI.
> > > >
> > > > I'm afraid, but from my point of view, this doesn't match the objective.
> > >
> > > The only alternative is to completely lock down the instance, and not
> > > allow new users at all without manual approval of each and every one.
> > >
> > > People can just ask to be allowed to fork, but by default, allowing it
> > > is not feasible.
> >
> > Hm, please help me understand what kind of spam we're talking about here.
> I can't imagine somebody would take the effort for selling some pills to ffmpeg
> developers. When it's about advertising anything, that's not the kind of reach
> those people are typically looking for.
> >
> > Or is it about misusing repos for storage of illegal content? The largest file
> currently is just 953kB, so we could enforce a limit small enough to make it
> unattractive for this purpose (unlike GitHub with 100MB per file).
> >
> > We could also disallow repos with custom content (i.e. only forks of ffmpeg
> are allowed as repo content).
> >
> > Then I wonder, where would be the harm? Some thousand unused forks of
> ffmpeg shouldn't be a problem - but maybe I'm overseeing something?
> 
> There are all sorts of copyrightable material that can be embedded
> into a git repo.

That's why I mentioned that a file size limit could prevent this. With a 2 MB limit per file, it becomes totally unattractive for this kind of abuse.

> Given that this all amounts to manpower from the operator

AFAIK, you are only responsible to take stuff down once you get notified, you don't need to actively look for anything.

> Also payloads for malicious software.

Okay, but when it's in a repo, what happens next? I mean why would somebody store that in a repo? What would be the goal?

Also, I wonder how this would be different from attachments on https://trac.ffmpeg.org ? There's no requirement for user "approval" as well..

sw
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

  reply	other threads:[~2025-02-13  0:40 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-12 18:06 Michael Niedermayer
2025-02-12 18:49 ` Lynne
2025-02-12 18:53   ` Romain Beauxis
2025-02-12 19:23     ` Lynne
2025-02-12 21:22       ` Stephen Hutchinson
2025-02-12 21:32         ` Timo Rothenpieler
2025-02-12 21:37           ` Soft Works
2025-02-12 21:51             ` Timo Rothenpieler
2025-02-12 22:01               ` Soft Works
2025-02-12 22:05                 ` Timo Rothenpieler
2025-02-12 22:16                   ` Soft Works
2025-02-12 23:29                     ` Timo Rothenpieler
2025-02-12 23:34                       ` Kieran Kunhya via ffmpeg-devel
2025-02-13  0:27                         ` Timo Rothenpieler
2025-02-13  4:05                   ` martin schitter
2025-02-12 22:12           ` Romain Beauxis
2025-02-12 23:22             ` Soft Works
2025-02-12 23:07           ` Soft Works
2025-02-12 23:34             ` Timo Rothenpieler
2025-02-13  0:17               ` Soft Works
2025-02-13  0:24                 ` Romain Beauxis
2025-02-13  0:40                   ` Soft Works [this message]
2025-02-13  1:52                     ` Timo Rothenpieler
2025-02-13  2:59                       ` Soft Works
2025-02-13  6:14                         ` Lynne
2025-02-13  6:50                           ` martin schitter
2025-02-13  6:54                           ` Soft Works
2025-02-12 20:38   ` Michael Niedermayer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM8P223MB0365E3FF08EC0D447C9562B2BAFF2@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM \
    --to=softworkz-at-hotmail.com@ffmpeg.org \
    --cc=ffmpeg-devel@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git