Lots of nerds arguing over FFmpeg and Google stuff still. Basically security nerds have argued that FFmpeg has a responsibility to fix any bugs in their project regardless if they call themselves a "volunteer project" or a '"vendor". Security nerds argue that because of the size and popularity of FFmpeg, which FFmpeg proudly reps, then they should fix the issue and trying to minimize themselves as "volunteer project" is redundant FFmpeg has responded, in summary, "stop jerking yourselves off, just submit a patch". Security nerds retorted that it's not their job to submit a patch and FFmpeg, as the vendor or volunteer project, whatever you want to call it, is responsible for the patch. FFmpeg and it's supporters have criticized security nerds as people who want to find CVEs to look cool and badass, rather than actually improving the security posture of a project. We're on day 3, or day 4, of a bunch of nerds arguing about patches and stuff. It's a beautiful thing. I enjoy reading it. I think everyone makes a valid point. I also enjoy people calling each other nasty names and insults over something they're not involved in (they don't work at Google or help FFmpeg, they're just picking their team) Overall I give this drama a solid 7/10.
See Tweet