Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170929151218.0cfb25c2@pc1>
Date: Fri, 29 Sep 2017 15:12:18 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: The Internet Bug Bounty: Data Processing
 (hackerone.com)

On Thu, 28 Sep 2017 23:13:22 -0700
Reed Loden <reed@...dloden.com> wrote:

> Separately, we're happy to announce that libav (
> https://git.libav.org/?p=libav.git;a=summary) was added to the scope
> earlier today.

I'm surprised by this. When I saw the ibb-data bounty I immediately
wondered whether ffmpeg should be in there.

Is there a reason libav is in and ffmpeg is not? Were there concerns by
the ffmpeg devs? (I'm not taking a side in the libav/ffmpeg wars, but
my impression is that many distros who had used libav for some time
have switched back and ffmpeg is clearly the more widely used of the
forks.)

Given that imagemagick+graphicsmagick are already in there I assume
there's no general problem for IBB to support competing forks.

At the very least I'd recommend that you make sure all ibb-reports for
libav get tested against ffmpeg.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.