oss-sec mailing list archives

Re: The Internet Bug Bounty: Data Processing (hackerone.com)


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 29 Sep 2017 15:12:18 +0200

On Thu, 28 Sep 2017 23:13:22 -0700
Reed Loden <reed () reedloden com> wrote:

Separately, we're happy to announce that libav (
https://git.libav.org/?p=libav.git;a=summary) was added to the scope
earlier today.

I'm surprised by this. When I saw the ibb-data bounty I immediately
wondered whether ffmpeg should be in there.

Is there a reason libav is in and ffmpeg is not? Were there concerns by
the ffmpeg devs? (I'm not taking a side in the libav/ffmpeg wars, but
my impression is that many distros who had used libav for some time
have switched back and ffmpeg is clearly the more widely used of the
forks.)

Given that imagemagick+graphicsmagick are already in there I assume
there's no general problem for IBB to support competing forks.

At the very least I'd recommend that you make sure all ibb-reports for
libav get tested against ffmpeg.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42


Current thread: