FFmpeg to Google: Fund us or stop sending bugs

Fully on FFmpeg team side, many companies approach to FOSS is only doing so when it sounds good on their marketing karma, leech otherwise.

Most of them would just pirate in the old days, and most FOSS licences give them clear conscience to behave as always.

This is why many have warned against things like MIT licence. Yes, it gives you source code and does easily get incorporated into a lot of projects but it comes at the cost of potential abuse.

Yes, GPL 3 is a lot ideologically but it was trying to limit excessive leeching.

Now that I have opened the flood gates of a 20 year old debate, time to walk away.

Google Project Zero just looks for security issues in popular open source packages, regardless of if Google itself even uses those packages or not.

So I'm not sure what GPLv3 really has to do with it in this case, if it under was a "No billion dollar company allowed" non-free-but-source-available license, this same thing would have happened if the project was popular enough for Project Zero to have looked at it for security issues.

The difference is that Google does use it, though. They use it heavily. All of us in the video industry do - Google, Amazon, Disney, Sony, Viacom, or whoever. Companies you may have never heard of build it into their solutions that are used by big networks and other streaming services, too.

Right, Google absolutely should fund ffmpeg.

But opening security issues here is not related to that in any way. It's an obscure file format Google definitely doesn't use, the security issue is irrelevant to Google's usages of it.

The critique would make sense if Google was asking for ffmpeg to implement something that Google wanted, instead of sending a patch. But they don't actually care about this one, they aren't actually asking for them to fix it for their benefit, they are sending a notice of a security issue that only affects people who are not Google to ffmpeg.