From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 2F31649993 for ; Thu, 29 May 2025 02:59:42 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 0E53768D4B3; Thu, 29 May 2025 05:59:38 +0300 (EEST) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12olkn2042.outbound.protection.outlook.com [40.92.21.42]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B4D5568CD95 for ; Thu, 29 May 2025 05:59:30 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=r0cKc6zqgH1vVNHIlBcroaWhP+rtLtjy/SHzf8Yq32WOw2J/DrbM9ZHTug5m0BM42PgSfFl09hdK7GCyqeEhZmPQ4fe/cNNlul4nKPfxrCAfOZMsahu6uyO/n1hmMql25uaokqWMiZv6ZZoHqUloruO4x2Kv4Y7v86nifcusAFDPxPgxTSZLFsQ/aXSSVt7AoWL6QnqKUYrPieknpeNvBaun4JYLKKyLWyDyUrsQeaBZGF5hxKcUxpryZrqeIJyHz/3wCGOAg3gEuCyKQ78AbIOVwXz0mAqvZ5y7D/csfyYBK7j//UXxZ3wGB0jITJ0KYf8nOQHRREP9Kqhi42npWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6yU2sYY5ZJEoOwTIA2NjarG9KLHz14WYmBDsemXptM0=; b=caP/LnRhwHtDtD4vDKAvwncTjZM6jBSm6RV1R1vOkSfhEE/Vww9VUqjelWWD9UOD1z8d7bRH3AQGlZirYMDRnom7Ir3tLG1EsigpEMey5aViNxeok60Ctj0GA1kk0Lf6yDN0L1egxFonYoS0EariHZAQI/LnwFE8VYJM9piwf7lb8gbLsmpu9tlziT7oaL2SvTmuB1RcJfsrk6zzio3hy9nuwqe52WWLZOA7vsQTWMsEuQFULsFQamMF3hyq71nTxstGE28izUFJtjFnJUmYHFvh5sGqI4+/rP0Nd/kwtd1YQ+NRW8gefHDYBS+VAnsr597GwJZo4ImlWUeU63iL3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6yU2sYY5ZJEoOwTIA2NjarG9KLHz14WYmBDsemXptM0=; b=VzWj6/czT8VLXD0wFgGzsOembNyB4e7ncikR617gVnTQa/QQ5ngHJPrGbv3VYmRU/BPkiJl4WwPZcpDZ0YEo7pA9NE+v7XNJLmJILVNnwvJRBMzNh0mC+NF5IuIk51y01uHuo8EXTOIakMzvqdc9G4L2Tr82A5Y8AkNMl8kJZyNY5MrNdkimEsclMz/uBVvVKLtdaGw2ldbEADPSosQ2DqqynHnI2cCSxziUE9ol/54E/5D1k8ue/xJY55Tgv/53nnu3D+tcQtTkclroY6VLD9lRar053UZfWMo5I+xWeiG9xJdGe8uEcuTggTHpyAhCZfDuNkYvJx6LxDac9U5HyQ== Received: from DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM (2603:10b6:8:b::20) by PH7P223MB0617.NAMP223.PROD.OUTLOOK.COM (2603:10b6:510:1ab::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8769.29; Thu, 29 May 2025 02:59:27 +0000 Received: from DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM ([fe80::bf09:8e9:b07f:98a7]) by DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM ([fe80::bf09:8e9:b07f:98a7%4]) with mapi id 15.20.8769.025; Thu, 29 May 2025 02:59:27 +0000 From: "softworkz ." To: FFmpeg development discussions and patches Thread-Topic: The "bad" Patch Thread-Index: AdvP5A/caz+BEOrrT3qQ8MYT/a5IsAART39g Date: Thu, 29 May 2025 02:59:26 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DM8P223MB0365:EE_|PH7P223MB0617:EE_ x-ms-office365-filtering-correlation-id: 09619e12-80d2-4f6c-eb24-08dd9e5cd2f8 x-ms-exchange-slblob-mailprops: q6Zzr5Fg03FXVRqeIIRcm724TWS4ubSwKrjrjSDCzDqh6Kyi3XyTvCnwiKmSmNLjkeAc0EHhGrXLG3kcFGyn7H9VW1SuWkPBLNhKdDuuCaL7IigIT7adgcSGbHMR2cnOej1D2qHYjB5bFI/A9elC81KPGPunTYAjdqhffdiyWIJ9p9RyumL4UmCupSN05v9cMbOkfDBZ/u8iVmHh8rC5xRpHpY6a1UaxtsPzRR4dmkprqAEWQQam9H4jEIaCKgkhhF7uw3nZYgOKlkJYLL2dUD1p1PBg/ubRKF9XnFnZiS/3Hx/8o7uxX3xXJOJV+AN6O12xJMiC7zeJmr73FbfDj53+cbM1lbgo7bzf0CunupYTU+nxzdiLK31vZR7HecZE8PoOOdq4Dvez0PaFexo0elrXcStd/uibXQVOYM4iIQbGjdT43hgYdeymlaC/2ocHmRvxtj96FwaPi1hX291pBVVSPVpjJQIkSPxXQaIfpGSsaM/cBcvAst6gWE/t+nb4NfYYJ9BXxWAkY56KMhLUM8z6iMJZ/vSlSzbJM4DvOvsF5sESCAfzRdG/R4daWZJPxN/9GgeTZOSdgj5axwYbkUaq0FzxKN8UE6VG0wnksomX++cc+Ds2ir6eot5sRcWOePA9FmDM8vgdogAaNCybvBydz9AgFv1Ija2a3V1VBIU2CaDZD4/EUZo2NC2NVhLQ x-microsoft-antispam: BCL:0; ARA:14566002|12121999007|15080799009|8062599006|8060799009|19110799006|7092599006|461199028|3412199025|440099028|30101999003|102099032; x-microsoft-antispam-message-info: =?us-ascii?Q?8DOIC0BuQEqcJVtP8EgMqgLQzKWe0l7iTom2AtM5ySsAEU9SNbJxJAvWZU4F?= =?us-ascii?Q?hGvav0mU992JrnZE+fwo0zFGZ5/NuB0kUqq3jfdVPrQ92zdMGlE+oZycohgW?= =?us-ascii?Q?4B1bGOTwNzpQEfkm78NqkeeukYN/hBJn33v2vaMcyaIc1NfanLih/5nrz8w1?= =?us-ascii?Q?qdf+GXRYzDQNc6CTXrBW5tDwSB2Ja2O6fUh5L06nshV3KpfdX6VepF+iiE3O?= =?us-ascii?Q?RrZyZghHLsrp6kDEIOzoYcDqFzZfVLamc2u8ho3eTMOwfs9hSZlb4Ob/qlBE?= =?us-ascii?Q?D2hRmdjfna/F3rgMOW12oOExqjmxVPnmzqYs5LaNPvBNQ2xSaHuGISTguQ6J?= =?us-ascii?Q?bGQ1bbGUTwmZU11PlO0wJs8pkUgc3mAU/VcHZ2eFAt37uJjmqwqdwMY33De1?= =?us-ascii?Q?ohWi7mMxjqqCx6Ol1W4yaSafKbDVShPZIfvLEiZBntn2QPRnpTHaf1OA755T?= =?us-ascii?Q?PYcxylB4I4QP06oqhnQ7xJgOeZT9JulQ9X9qikRoX4XQD5P9rnNYJcSUIK4O?= =?us-ascii?Q?UvFDUPrTeci7HwRXao7sDk0IxVqPnFbipvge0Tm7YaVWlVO+hvxwmHXm1eF5?= =?us-ascii?Q?Sp3/MuJ14jzoSylGkZz9w2gkcvOYeAVNCUs0Kq/tyHfCeeCYdNCfDRhL7XiI?= =?us-ascii?Q?+STdGAXOttSMZKN6k1I5XAtvf7vMzBfmrLNxL1zVLTISiwW8WLwfVP1x+OA2?= =?us-ascii?Q?FPRYdFFsftW3mnLB5ygx/KzuQyrCleKIw5lxlGUUwVZ6IzD09yp424OCRSfb?= =?us-ascii?Q?nm8F+xba7V1iQkgizzYDjmkHyQS2pWK4e/BLaJ/CQSEdAa8H6ehA1jyiO01e?= =?us-ascii?Q?Qs4CwALL3TFEzV+ugdLADWdXzcBpmBhxpuTOl1ufDXqn2BLl7kE+XeidxoJQ?= =?us-ascii?Q?nRKEau2nhyUrslxpzt/N/7juaJVyvl2YsU7O42vr/WGsmbGKuha/xxADoC5x?= =?us-ascii?Q?45uI7HWV2APsjXu+CPR2ZxLK4crSZKYqdqZTqlV9tOy/NVaVcIqyHvJ2zIuj?= =?us-ascii?Q?8xEVpq9PRbNmHSh9qGOahGZoUlzIkUY5EPIUaugQ/z4H22HJlhLg5MKAdBSN?= =?us-ascii?Q?BVFazwCMXg5eVCD53d99GTbk9L+yKIfD1PxvOgjWRBfI2L0ijTPyew2sEICA?= =?us-ascii?Q?Y/ZNMSF/y2rD+5tRk3GdrfLhVHpfYDIf/mLZaw0D2qz7fztj6Nt1w4M=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SYWqhZbyuEfHA3rQRN1fhGwbRIJNCxwSFdMmvdZvVq/Y3LdLMJCSLtiKGywf?= =?us-ascii?Q?woRV3mibPFyWO37/lD/rVuioVnyYs5IL+0OU1Ia7zRzXsOj3CjSSegg502AN?= =?us-ascii?Q?Q9UW8xCdqY+dbTeay0sF7uO4vMJJ4R/DwMujEcYqkvsln7z1YQu/+dWv6BKK?= =?us-ascii?Q?AWBhbCtr6wOnOg+nCvHIl0MsXDZ95Z2hkGF+9OfQnYVstqqSDtTbZEzyq4l+?= =?us-ascii?Q?rTdaX1kn+J1GBWw1mivWf7vtH/lqpH909B1wII4HB+Y91e/QvWiW6svlp17X?= =?us-ascii?Q?eWPkXJT9/em13lxmuaHUo8NpmlWdEG1jkrqccq2o71JVX5OVsqhagav9vUWN?= =?us-ascii?Q?hSkdlHWfXOgCZGcVxRfByv+B7iYXpFx0L1+79PcTyvL91MxBYWXJk8oks+fN?= =?us-ascii?Q?jU24saBUgySqsHMoEGFV0GRziVNn8oyg66TwY/yOTWtrXKBoIbMIicgZ3XAO?= =?us-ascii?Q?b/Bt3J7B7CQgfYwW/Qs+E260fA4o43YMU2vmFHatUxz8+ANUgHywww2CqlM3?= =?us-ascii?Q?arQUuQXIVCDHYdRVLOkbdSdBjWaOUfqUTukb8RIEoSXvgfQIcpIzyOpsWN2P?= =?us-ascii?Q?G49QE+v9YASIgfM/DfP9OVD6VL/mbI5vM56G/ID059S8iKq4B3HMCdnSjK4n?= =?us-ascii?Q?4MYKc8OuZZG7Y+pPByeCrkfuU1hb+CUO9fJXjxNtH9p+ked2dCxcRVfsFpc0?= =?us-ascii?Q?Wi33AFqL+mrLyBCzGXFQi2IkO6qf48cBz8KeSUDJS9T30yxYrrS1pCs5+2fL?= =?us-ascii?Q?XgAAvYzB0px/u20Vy8EWekUk41nfxGiO6agZBsG1/NjnVMgf+s72DixoQT6D?= =?us-ascii?Q?cGeLZqqqQggjTEQZk41f+cILUckULcYfA4/VL2FG6YTOU/W0K9k5VLY4AHDT?= =?us-ascii?Q?xwOeLz1ZvJT8DUP3KJM9eMdexXXcjYiRD09YaQtKGYrMqDjE9AON4DAVynME?= =?us-ascii?Q?vFQI+Ph3CiT5jvnxI1LQuPil9mkpODq2euDt/mx7GyJChVWQJQ4wYohwJrE8?= =?us-ascii?Q?oKj9TF2PwNvokEKFygu6kLgbvAteAbttV1o+B8j0o/EDF5bPLioHuhKHjOGd?= =?us-ascii?Q?Yijx0Vjlg0Js3mg3t0y4IbHx1tcNzWrYjaTHbp/lsRK/FIes1PH32eY5Go+N?= =?us-ascii?Q?d5c/e2HQVUaQNcBJ+kEgON78/3nrOqeeRS/tlFuVf432JHg1GF9bJiH9JOA5?= =?us-ascii?Q?41TL6xWIU6G3a+wy1Zdq6gMzlMY7EDNaR8zu/fWoJeXR9oNkOaL6HJ4/XMU?= =?us-ascii?Q?=3D?= MIME-Version: 1.0 X-OriginatorOrg: sct-15-20-8534-20-msonline-outlook-c7cf3.templateTenant X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 09619e12-80d2-4f6c-eb24-08dd9e5cd2f8 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 May 2025 02:59:26.9870 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7P223MB0617 Subject: Re: [FFmpeg-devel] The "bad" Patch X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: > -----Original Message----- > From: ffmpeg-devel On Behalf Of > softworkz . > Sent: Mittwoch, 28. Mai 2025 17:25 > To: FFmpeg development discussions and patches devel@ffmpeg.org> > Subject: [FFmpeg-devel] The "bad" Patch [..] That nobody has responded is not much surprising, but don't worry, all actors will get covered. Let's start with the origin and see how this story got poisoned in the first place On IRC, 2025-05-15 21:25 oh, wow. are we really calling system(cmd)? => yes. it's done for reasons that I could explain if somebody would ask me [..] 21:43 was this reviewed at all? 21:48 Not properly I guess, it is/was a huge patchset, and reviewing it is annoying with that Github-Forwarder [..] 21:49 Why on earth does it even need to open a browser? 21:49 Just print the bloody url 21:52 And yeah, that commit message is super odd. On the ML I see a bunch of unresolved comments as well. => Hadn't looked properly. Later he named messages from revision 3 (but it was at v12 already) [..] 21:53 someone was a bit too eager to push i guess 21:53 michaelni: maybe don't give push access to people so quickly... [..] 22:16 At least if you pass the sg option then it accidentally overwrites the user-supplied file name so it can't be used directly for shell injection. => of course: when I do the right thing, it must be accidentally... [..] This is how mob-building works at a small-scale level. Nobody might have had bad intentions in the first place. But BtbN was already primed by his aversion towards the GitGitGadget submission I use, and that gave a direction, the others followed. It still doesn't mean bad intentions, they had good will in fact. But they had lost respect towards me at large - which had consequences. This can be seen in their subsequent behavior: James Almer (jamrial) ===================== Mailing List "Absolutely not, wtf. Calling an external application like this? Revert this patch or remove this effect immediately." [He didn't even take the effort to put the comment at a place that corresponds to "like this?"] "And there are still unresolved comments you didn't take into account before pushing this set." [I responded that's not the case] "No, there's no need to involve the TC when everyone is telling you that something is wrong. You pushed this set before even addressing all reviews." [Repeated the same false claim, despite my response] => My questions to James - Do you think it was right to spread out that false information without validating yourself? I mean publicly - where many will be reading it and it will stick in their memory - possible for a long time. - Do you think your reaction was adequate, not even really looking at the patch like a developer and going crazy on the ML instead? Especially, when considering that nobody had objected in the same way when it would have had the equivalent code of system() in the patch? - How would you have behaved when the patch would have been from somebody else (e.g. Andreas)? Ramiro ====== He didn't let himself turn that much in the direction of the others. He tried to be friendly and mediate. Just the ChatGPT texts were a bit odd. => Only one question to Ramiro - How do you see the situation now, that you know that nobody would have objected (like this) when it would have had the inlined implementation of system()? Timo Rothenpieler (BtbN) ======================== When I make a mistake or do unjust to anybody, then I apologize clearly and sincerely. But I also don't like demanding for apologies. Demanded apologies are more a matter of humiliating someone and that's not my interest. Only sincere apologies have a value in my eyes. I hope he realizes at least how the false information that he had spread had caused the situation to turn into a really bad direction. => Questions to Timo - You have been the first and foremost strongest opponent of using the system API, even when others said that it's no longer a red flag when it's not done in lib code; you named things for why it's bad and must be reverted. Now that we see the full picture of the code, please explain your position: Is it still a "no-go" or not? If yes, could you please explain to me in detail what exactly is bad about using that API in THIS WAY and in THIS CONTEXT? Which bad things can happen and how exactly? Mark Thompson ============= He's an exception. I think he is probably only one who has really looked at the code. He had made the single - and by far - most valid point at that time. (about the temp directory determination). He was friendly, respectful and professional. Thanks Mark, much appreciated! (I have no questions) Best regards sw _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".