Russ Allbery <r...@debian.org> writes:

> Is upstream aware that this is a really bad track record and trying to
> do something proactive to increase the quality of the code, like
> comprehensive auditing, or proactive rewrites to use more secure coding
> practices such as some of the work that the LibreSSL team has been
> doing?

Ah, I should have Googled my own question.

http://googleonlinesecurity.blogspot.com/2014/01/ffmpeg-and-thousand-fixes.html

Well, that's... better than nothing. It's certainly part of an overall strategy, although that number of issues still indicates to me that there are style and architecture issues here that could benefit from more proactive design work.

I could be wrong, having not looked at the code personally -- maybe the problem space is just really hard. But that seems like quite a lot of errors.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: https://lists.debian.org/874mxzhirj....@windlord.stanford.edu