Date: Fri, 29 Sep 2017 15:12:18 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: The Internet Bug Bounty: Data Processing (hackerone.com) On Thu, 28 Sep 2017 23:13:22 -0700 Reed Loden <reed@...dloden.com> wrote: > Separately, we're happy to announce that libav ( > https://git.libav.org/?p=libav.git;a=summary) was added to the scope > earlier today. I'm surprised by this. When I saw the ibb-data bounty I immediately wondered whether ffmpeg should be in there. Is there a reason libav is in and ffmpeg is not? Were there concerns by the ffmpeg devs? (I'm not taking a side in the libav/ffmpeg wars, but my impression is that many distros who had used libav for some time have switched back and ffmpeg is clearly the more widely used of the forks.) Given that imagemagick+graphicsmagick are already in there I assume there's no general problem for IBB to support competing forks. At the very least I'd recommend that you make sure all ibb-reports for libav get tested against ffmpeg. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ