(thenewstack.io)

1125 points CrankyBear | 3 comments | 11 Nov 25 18:32 UTC | HN request time: 0.28s | source

1. Seattle3503 ◴[11 Nov 25 20:40 UTC] No.45892527[source]▶

> “The position of the FFmpeg X account is that somehow disclosing vulnerabilities is a bad thing. Google provides more assistance to open source software projects than almost any other organization, and these debates are more likely to drive away potential sponsors than to attract them.”

This position likely to drive away maintainers. Generally the maintainers need these projects less than the big companies that use them. I'm not sure what Google's endgame is

replies(2): >>45892804 #>>45892992 #

2. DeepYogurt ◴[11 Nov 25 21:02 UTC] No.45892804[source]▶

>>45892527 (TP) #

I doubt there's an endgame in mind. It's probably small teams trying to optimize their quarterly KPIs

3. strictnein ◴[11 Nov 25 21:17 UTC] No.45892992[source]▶

>>45892527 (TP) #

> FFmpeg X account is that somehow disclosing vulnerabilities is a bad thing

I mean, I follow that account and never got this impression from them at all.

↑

FFmpeg to Google: Fund us or stop sending bugs