←back to thread

FFmpeg to Google: Fund us or stop sending bugs

(thenewstack.io)
1124 points CrankyBear | 1 comments | 11 Nov 25 18:32 UTC | HN request time: 0.201s | source
Show context
firefax ◴[11 Nov 25 21:25 UTC] No.45893096[source]
Is it unreasonable to ask that if a massive company funds someone to find a CVE in an open source project, they should also submit a patch? Google is a search company. Seems kind of... evil... to pay your devs to find holes in something with nothing to do with searching, then refuse to pay them to fix the problem they noticed.
replies(1): >>45895794 #
tpmoney ◴[12 Nov 25 02:37 UTC] No.45895794[source]
Google contributes to ffmpeg on a fairly regular basis https://git.ffmpeg.org/gitweb/ffmpeg.git/search/HEAD?s=@goog...

No it's not "unreasonable" to ask for patches along with bug fixes, but it is unreasonable to be mad if they don't. They could just not file the bug reports at all, and that is an objectively worse outcome.

replies(2): >>45896133 #>>45902975 #
1. rossjudson ◴[12 Nov 25 03:34 UTC] No.45896133[source]
Note that most open source contributions by Googlers are, as recommended by policy, done under their own personal accounts. There's a required registry internally mapping from their personal account to their @google.com identity.

The nice thing is that the open source contributions done by a Googler aren't necessarily tied to their Google identity.