
1124 points CrankyBear | 2 comments
1. isaacfrond No.45897887
Only accepting bugs with a fix is not a solution. Because who is going to vet the patches? Are you going to accept a Chinese patch for some obscure security issue? This is how real security problems are introduced.
replies(1): >>45897958 #
2. homebrewer No.45897958
Why not? The three letters are not going to send their backdoored patches under a pseudonym people like you would find suspicious. They would send it (and very likely are doing that already) under the name of "James Smith".

You really should check out how much code in e.g. the Linux kernel is written outside of "the West". It's not the 90s anymore.