(thenewstack.io)

1124 points CrankyBear | 2 comments | 11 Nov 25 18:32 UTC | HN request time: 0.417s | source

1. insane_dreamer ◴[12 Nov 25 18:11 UTC] No.45903571[source]▶

> it is unreasonable for a trillion-dollar corporation like Google, which heavily relies on FFmpeg in its products, to shift the workload of fixing vulnerabilities to unpaid volunteers. They believe Google should either provide patches with vulnerability reports or directly support the project’s maintenance.

This is so basic it shouldn't even have to be said.

replies(1): >>45904495 #

2. Dylan16807 ◴[12 Nov 25 19:02 UTC] No.45904495[source]▶

>>45903571 (TP) #

The first part is technically true but doesn't apply to this situation. "Shift the workload"? This isn't google's bug, and google doesn't need it fixed. It was never their workload, and has not been shifted.

The last part is just wrong. Google does directly support the project's maintenance.

↑

FFmpeg to Google: Fund us or stop sending bugs