Most active commenters
  • ranger_danger(3)

←back to thread

FFmpeg to Google: Fund us or stop sending bugs

(thenewstack.io)
1125 points CrankyBear | 15 comments | 11 Nov 25 18:32 UTC | HN request time: 0.411s | source | bottom
1. ranger_danger ◴[11 Nov 25 19:12 UTC] No.45891460[source]
Wouldn't they just fork it, fix their own bugs and stop contributing at all?
replies(6): >>45891483 #>>45891531 #>>45891743 #>>45892105 #>>45892143 #>>45892666 #
2. blibble ◴[11 Nov 25 19:14 UTC] No.45891483[source]
Google internally maintaining a fork that attempts to track upstream has a ongoing cost that increases over time

vs. spamming OSS maintainers with slop reports costs Google nothing

replies(1): >>45892349 #
3. immibis ◴[11 Nov 25 19:16 UTC] No.45891531[source]
Probably what they want to do once the original project burns out
4. dboon ◴[11 Nov 25 19:33 UTC] No.45891743[source]
Forking puts you in another hell as Google. Now you have to pay someone to maintain your fork! Maybe for a project that’s well and fully complete that’s OK. But something like FFmpeg is gonna get updated all the time, as the specs for video codecs are tweaked or released.

Their choice becomes to: - maintain a complex fork, constantly integrating from upstream. - Or pin to some old version and maybe go through a Herculean effort to rebase when something they truly must have merges upstream. - Or genuinely fork it and employ an expert in this highly specific domain to write what will often end up being parallel features and security patches to mainline FFmpeg.

Or, of course, pay someone in doing OSS to fix it in mainline. Which is the beauty of open source; that’s genuinely the least painful option, and also happens to be the one that benefits the community the most.

5. inerte ◴[11 Nov 25 20:04 UTC] No.45892105[source]
If you're going to fix the bug, why not in the main project?
replies(1): >>45892297 #
6. wewewedxfgdf ◴[11 Nov 25 20:07 UTC] No.45892143[source]
That costs cash and the big tech companies are a little short at the moment.
7. ranger_danger ◴[11 Nov 25 20:19 UTC] No.45892297[source]
Any time I have tried to fix a bug in an open source project I was immediately struck down with abusive attitudes about how I didn't do something exactly the way they wanted it that isn't really documented.

If that's what I have to expect, I'd rather not even interact with them at all.

replies(4): >>45892519 #>>45892628 #>>45892791 #>>45894498 #
8. esrauch ◴[11 Nov 25 20:24 UTC] No.45892349[source]
Is there really slop here though? It sounds like the specific case identified was a real use after free in an obscure file format but which is enabled by default.

If it was slop they could complain that it was wasting their time on false or unimportant reports, instead they seem to be complaining that the program reported a legitimate security issue?

replies(1): >>45902715 #
9. tanvach ◴[11 Nov 25 20:39 UTC] No.45892519{3}[source]
If you really care, I would suggest helping with documenting how the process should work for others to reference going forward.
replies(1): >>45892853 #
10. ◴[11 Nov 25 20:49 UTC] No.45892628{3}[source]
11. jeffbee ◴[11 Nov 25 20:52 UTC] No.45892666[source]
They undoubtedly already maintain a fork of the project, considering that they have a private compression accelerator that nobody else has access to.
12. shevy-java ◴[11 Nov 25 21:01 UTC] No.45892791{3}[source]
I don't think this is what typically happens. Many of my bug reports were handled.

For instance, I reported to the xorg-bug tracker that one app behaved oddly when I did --version on it. I was batch-reporting all xorg-applications via a ruby script.

Alan Coopersmith, the elderly hero that he is, fixed this not long after my report. (It was a real bug; granted, a super-small one, but still.)

I could give many more examples here. (I don't remember the exact date but I think I reported this within the last 3 years or so. Unfortunately reporting bugs in xorg-apps is ... a bit archaic. I also stopped reporting bugs to KDE because I hate bugzilla. Github issues spoiled me, they are so easy and convenient to use.)

13. ranger_danger ◴[11 Nov 25 21:07 UTC] No.45892853{4}[source]
I would if people were not abusive to me in the first place, but that attitude just turns me off to the entire project.
14. inerte ◴[11 Nov 25 23:49 UTC] No.45894498{3}[source]
I feel you, and that's a different issue than the one in this thread, which is in general if maintainers ignore bug reports, their projects will be forked and the issue fixed anyway but not in the main project.
15. kastagg ◴[12 Nov 25 17:12 UTC] No.45902715{3}[source]
If a maintainer complains about slop bug reports, instead of assuming the worst of the maintainer, it'll often be more productive to put yourself in their shoes and consider the context. An individual case may simply be the nth case in a larger picture (say, the straw that broke the camel's back). Whenever this nth case is observed, if you only consider that single case, a response also informed by detailed personal consideration of the preceding (n-1) cases may appear grossly and irrationally disproportionate, especially when the observer isn't personally that involved.

For a human, generating bug reports requires a little labor with a human in the loop, which imposes a natural rate limit on how many reports are submitted, which also imposes a natural triaging of whether it's personally worth it to report the bug. It could be worth it if you're prosocially interested in the project or if your operations depend on it enough that you are willing to pay a little to help it along.

For a large company which is using LLMs to automatically generate bug reports, the cost is much lower (indeed it may be longer-term profitable from a standpoint like marketing, finding product niches, refining models, etc.) This can be asymmetric with the maintainer's perspective, where the quality and volume of reports matter in affecting maintainer throughput and quality of life.