1124 points CrankyBear | 2 comments
ganelonhb No.45891485
Not too fond of maintainers getting too uppity about this stuff. I get that it can be frustrating to receive bug report after bug report from people who are unwilling or unable to contribute to the code base, or at the very least to donate to the team.

But the way I see it, a bug report is a bug report, no matter how small or big the bug or the team, it should be addressed.

I don’t know, I’m not exactly a pillar of the FOSS community with weight behind my words.

replies(4): >>45891536 #>>45891550 #>>45891599 #>>45900858 #
StopDisinfo910 No.45891550
It’s not bug reports. It’s CVEs.

There is a convergence of very annoying trends happening: more and more of them are garbage, found and written using AI, with an impact that is questionable at best; the way CVEs are published and classified is idiotic; and platforms funding vulnerability research, like Google, are more and more hostile to projects, leaving very little time to actually work on fixes before publishing.

This is leading to more and more open source developers throwing in the towel.

replies(2): >>45891594 #>>45891671 #
ranger_danger No.45891594
CVEs aren't caused by bugs?
replies(3): >>45891838 #>>45892303 #>>45898318 #
kykat No.45891838
You could argue that, but I think that a bug is the software failing to do what it was specified, or what it promised to do. If security wasn't promised, it's not a bug.
replies(1): >>45892086 #
adastra22 No.45892086
Which is exactly the case here. This CVE is for a hobby codec written to support digital preservation of some obscure video files from the 90s that are used nowhere else. No security was promised.