
1124 points | CrankyBear | 1 comment

andriamanitra (No.45899577)
As much as I hate to be on Google's side I think they're doing a reasonable thing here. Valid bug reports are valuable contributions on their own, and disclosing security issues is standard practice. Not disclosing them doesn't help anyone. Security through obscurity is not security. If neither FFMPEG nor Google dedicate resources to fixing the issue in 90 days, making it public at least ensures that it gets visibility and thus has a higher chance to get fixed by a third party.

I'm sure Google could (and probably should) do even more to help, but FFMPEG directing social media rage at a company for contributing to their project is a bone-headed move. There are countless non-Google companies relying on FFMPEG that do much less for the project, and a shit show like this is certainly not going to encourage them to get involved.

replies (2): >>45899608, >>45900012

1. krick (No.45900012)
That was exactly my thought. To be fair, I probably end up thinking that because this article is written in this trashy dumbass style, which portrays it as "Google bug reports vs. ffmpeg bug fixes", which is simply unfair: as you've said, a bug report is a contribution, not some kind of demand. That being said, I kinda do understand if someone from ffmpeg said something snarky about that on Twitter, since surely, if Google (of all things) as an organization sees it as valuable to contribute by sending bug reports, it surely isn't less feasible (logistically or economically) for them to also work on a patch than it is for random people on the ffmpeg mailing list itself.