Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> ffmpeg owes me nothing. I haven't paid them a dime.

That is true. At the same time Google also does not owe the ffmpeg devs anything either. It applies both ways. The whole "pay us or we won't fix this" makes no sense.



> Google also does not owe the ffmpeg devs anything either.

Then they can stop reporting bugs with their assinine one size fits all "policy." It's unwelcome and unnecessary.

> It applies both ways.

The difference is I do not presume things upon the ffmpeg developers. I just use their software.

> The whole "pay us or we won't fix this" makes no sense.

Pay us or stop reporting obscure bugs in unused codecs found using "AI" scanning, or at least, if you do, then change your disclosure policy for those "bugs." That's the actual argument and is far more reasonable.


> Then they can stop reporting bugs with their asinine one size fits all "policy." It's unwelcome and unnecessary.

Right, they should just post the 0days on their blog.


I for one welcome it. I want to know if there are some vulnerabilities in the software I use.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: