Most active commenters

    ←back to thread

    FFmpeg to Google: Fund us or stop sending bugs

    (thenewstack.io)
    1125 points CrankyBear | 13 comments | 11 Nov 25 18:32 UTC | HN request time: 0.219s | source | bottom
    1. justahuman74 ◴[11 Nov 25 19:36 UTC] No.45891782[source]
    Does Google seriously not have a whole team of people who help maintain ffmpeg?
    replies(3): >>45892013 #>>45892081 #>>45898545 #
    2. adastra22 ◴[11 Nov 25 19:56 UTC] No.45892013[source]
    Yes. But they don’t upstream. Why would they?
    replies(2): >>45892550 #>>45896080 #
    3. dieortin ◴[11 Nov 25 20:02 UTC] No.45892081[source]
    https://github.com/search?q=repo%3AFFmpeg%2FFFmpeg+google.co...
    replies(1): >>45898556 #
    4. justahuman74 ◴[11 Nov 25 20:43 UTC] No.45892550[source]
    Great, they can fix the bugs being filed by another part of their company
    replies(2): >>45892646 #>>45894991 #
    5. Ferret7446 ◴[11 Nov 25 20:50 UTC] No.45892646{3}[source]
    So would you rather Google have a secure ffmpeg while us plebian individual users continue to have an insecure ffmpeg?
    replies(1): >>45897331 #
    6. warkdarrior ◴[12 Nov 25 00:44 UTC] No.45894991{3}[source]
    They probably fixed in the internal version.
    7. cataflam ◴[12 Nov 25 03:24 UTC] No.45896080[source]
    Don't they?

    https://git.ffmpeg.org/gitweb/ffmpeg.git?a=search&h=HEAD&st=...

    8. GaryBluto ◴[12 Nov 25 07:37 UTC] No.45897331{4}[source]
    It's frustrating to me how many people are siding with FFmpeg here considering how unprofessional and generally asshole-ish they are being.

    I feel that this is mostly a kneejerk reaction to AI and Google in general, with people coming up with arguments to support their reaction after already forming an opinion.

    replies(1): >>45900762 #
    9. alecco ◴[12 Nov 25 10:32 UTC] No.45898545[source]
    Adding code/fixes is a tiny fraction of work compared to reviewing and maintaining.

    The only reasonable way is for Google and other big corps to either sponsor members of the existing team or donate money to the project. And making it long term not one-shotting for publicity.

    10. alecco ◴[12 Nov 25 10:34 UTC] No.45898556[source]
    As in another comment, adding code/fixes only adds more work to the existing ffmpeg team as they need to review and maintain it forever. It's not good enough. Even security fixes in the style of "drive-by patching" are derided in security-oriented open source projects.
    11. NoGravitas ◴[12 Nov 25 14:37 UTC] No.45900762{5}[source]
    It's a volunteer project, they have no requirement to be 'professional'. That's basically the root of the whole issue. A hobby project is not a product, and its developers are not vendors. Free software is not a supply chain.
    replies(2): >>45904395 #>>45905758 #
    12. Dylan16807 ◴[12 Nov 25 18:58 UTC] No.45904395{6}[source]
    The word "unprofessional" here is muddying the comment more than it helps.

    Let's just saying they're being asshole-ish, which is a problem for volunteer projects just as much as non-volunteer ones.

    The ffmpeg twitter sucks.

    13. joshuamorton ◴[12 Nov 25 20:10 UTC] No.45905758{6}[source]
    > A hobby project is not a product, and its developers are not vendors

    But it's developers do offer paid consulting as ffmpeg maintainers, which Google does pay for.