Re: [FFmpeg-devel] [RFC] dormant git accounts
On Tue, 19 Nov 2024 14:03:51 + Derek Buitenhuis wrote:
> On 11/12/2024 7:55 PM, compn wrote:
> > On Tue, 12 Nov 2024 16:46:42 + Derek Buitenhuis wrote:
> >> On 11/11/2024 7:34 PM, compn wrote:
> >>> one of my goals is to make sure that certain developers, who made their own project and then ran it into the ground, aren't made as admins again. they had a good run but couldn't even make an announcement that their project had died. the last one out did not turn out the lights.
> >>
> >> I appreciate you going mask off.
> >>
> >> I don't consider this at all acceptable behavior.
> >
> > my personal opinion of who can be root in our project is not acceptable behavior? feel free to explain.
>
> Your goal of specifically excluding certain members of the community because you're salty about the past is not acceptable behavior in what should be an inclusive community.

i see.

> > i asked you in person at vdd last week if you met the requirements to administer ffmpeg (which iirc is just bare minimum "do you have 1+ years of server administration experience"), and you declined to tell me if you met the requirements. which is fine, no one has to tell me anything.
>
> You didn't ask me anything in person to my face, only rambled during the meeting.
>
> I also never proposed myself so I don't even know why that is relevant.
>
> > not answering simple questions in person, and not updating old github repositories makes me less inclined to vote for you as an administrator in the future. in my personal opinion.
>
> I am forwarding these lies to the non-functioning CC. You're making up stuff I never proposed and that never happened, and it is inflammatory BS.
>
> - Derek

sorry, i apologize. i didn't mean to antagonize you or anyone else.
-compn ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 7:55 PM, compn wrote:
> On Tue, 12 Nov 2024 16:46:42 + Derek Buitenhuis wrote:
>> On 11/11/2024 7:34 PM, compn wrote:
>>> if your goal is to post old quotes, that's cool.
>>
>> Woosh.
>
> the quotes are from michael in 2015 saying elect a new leader. pretty sure we never elected one.
>
> feel free to start a vote.

The lack of an election does not mean one retains BDFL.

>>> one of my goals is to make sure that certain developers, who made their own project and then ran it into the ground, aren't made as admins again. they had a good run but couldn't even make an announcement that their project had died. the last one out did not turn out the lights.
>>
>> I appreciate you going mask off.
>>
>> I don't consider this at all acceptable behavior.
>
> my personal opinion of who can be root in our project is not acceptable behavior? feel free to explain.

Your goal of specifically excluding certain members of the community because you're salty about the past is not acceptable behavior in what should be an inclusive community.

> i don't think you were an admin there, i wasn't including you in that list.

Irrelevant.

> although since you are listed as a member on https://github.com/libav/ , and you asked to be root @ ffmpeg, i'm asking you to do an administrative task and either update that github repo or take the steps to close it down.

It should be updated to say Libav is long dead, yes.

> i asked you in person at vdd last week if you met the requirements to administer ffmpeg (which iirc is just bare minimum "do you have 1+ years of server administration experience"), and you declined to tell me if you met the requirements. which is fine, no one has to tell me anything.

You didn't ask me anything in person to my face, only rambled during the meeting.

I also never proposed myself so I don't even know why that is relevant.

> not answering simple questions in person, and not updating old github repositories makes me less inclined to vote for you as an administrator in the future. in my personal opinion.

I am forwarding these lies to the non-functioning CC. You're making up stuff I never proposed and that never happened, and it is inflammatory BS.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 7:37 PM, compn wrote:
> concern trolling?

I am pointing out Michael's own logic isn't even consistent with itself. What the logic *actually* is, is that of course *he* is trustworthy, to him.

> you're concerned about one developer adding in a backdoor, so the solution is to add more developers? if you don't trust the 1 how would you trust the n+1 or the n-1 ? just because they meet you in person and watch you eat a bunch of mosquitos at a dinner ? that's your level of security?

This is seriously the biggest joke of "security" logic I have ever seen. Just endless BS replied to keep the status quo; insane arguments so that nothing ever happens.

For my own mental health I am ceasing to reply here. This sort of crap is why I took several years off this community.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 6:41 PM, Rémi Denis-Courmont wrote:
> I don't think that Derek meant that literally. The GA is not a legal entity so it can't hold a domain name or a trademark in the first place, or for that matter physical servers or hosting service contracts. Just like the bank account, these things should be held by a non-profit - preferably the same one that already has the bank account(s).
>
> I think Derek's point is what the governance should be, not what the legal ownership should be.

This.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Wed, 13 Nov 2024 12:58:40 +0100 Michael Niedermayer wrote:
> So here's the list of people who will have git write access after dormant accounts are disabled. All the ones here were active in the last 10 years as a committer in FFmpeg. No one is added, everyone from this list had access before
>
> wm4

is wm4 still active? nothing since ~2018?
https://patchwork.ffmpeg.org/project/ffmpeg/list/?submitter=110
not on irc. no longer in mpv project either.

ugh i bet "active in last 5 years" is grim.

-compn
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Wed, Nov 13, 2024 at 12:58:40PM +0100, Michael Niedermayer wrote:
> Hi
>
> On Sun, Nov 10, 2024 at 07:44:11PM +0100, Michael Niedermayer wrote:
> > Hi all
> >
> > On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> > > Hi all
> > >
> > > Should we disable git accounts for developers who have not been active since a long time (like 10 years) ?
> > >
> > > (if these developers come back, the account would then be enabled again) but disabling such accounts may improve security (lots of "if" here but assuming they lose their key, assuming whoever gets hold of the key has interest and ability to attack ffmpeg and and and, the risk here is likely low but not 0)
> >
> > I count currently 127 people with git write access
> > above suggestion would disable around 33 accounts.
> >
> > I cannot show the list because of GDPR
> > but the remaining 127-33 accounts are on this list:
> > git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | sort | uniq
> >
> > Note that above command will not produce a clean list. It requires manual cleanup, "Commit:" is just a text field and not everything that's in that field has or had a write account. But I cannot post people's names or email addresses
> >
> > If i hear no one objecting to this (and there are already multiple people in favor) then i will disable the 33 accounts in a few days
>
> I have rechecked this situation and IIUC the GDPR has some exceptions for cases where it's in the public interest. I think listing who has git write of a public project like FFmpeg is in the public interest and that transparency weighs heavier
>
> So here's the list of people who will have git write access after dormant accounts are disabled. All the ones here were active in the last 10 years as a committer in FFmpeg. No one is added, everyone from this list had access before
>
> mstorsjo ajacobs akhirnov cehoyos ngeorge thardin rdoeffinger rsbultje
> mniedermayer pross rpinochet ssabatini bcoudurier ahannula rpolla compn
> benoit philipl gbeauchesne ubitux beastd durandal daemon404 pasteeater wm4
> jamrial lukaszm jzern andreasc timo rostislav nevcairiel claudio gramner cus
> thilo pedro arttu vesselin timothygu mattoliver rcombs mateo gajjanag kierank
> jamesdarnley tvolkert mfaiz rkern kswanson jkqxz josh pburt jansebechlebsky
> aconverse stevenliu mjbshaw bangnoise vittorio tobiasrapp agupta foo86 jeeb
> martinv jorge kjeyapal junzhao gyan pavel lizhong laurikasanen songruiling
> yejunguo hwren jluthra agelman arheinhardt lmwang linjiefu zanevi shutchinson
> haihao haasn zhilizhao leoizen pal courmisch lynne dmitrii nuomi bsmith
> feiwan ePirat marth64
>
> (some people above have 2 keys, these duplicates were removed)
>
> I intend to wait a few more days before updating the list so people can review this. Mistakes are not impossible as i had to match these to the emails from git by hand

change applied. No one active as a committer in FFmpeg in the last 10 years should have lost access. If someone did lose access, please immediately contact me, i'll fix it

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security. -Bruce Schneier
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Wed, 13 Nov 2024 10:44:29 -1000 compn wrote:
> the server admins know who has access. the access list isn't a public document. some developers want it to be a public document.
> i don't particularly care if the list is public or not.
>
> i am curious to know why this is now an important issue, though.

to answer my own question it might come from this sovereign tech fund program from last year (or a similar guideline). in that it's a good idea to document FOSS project infrastructure and behind-the-scenes stuff.

https://www.sovereign.tech/programs/challenges#more-about-the-challenges

>3. FOSS Infrastructure Documentation
>
>The FOSS Infrastructure Documentation Challenge invites participants to create comprehensive documentation for the most critical and widely-used FOSS infrastructure projects.
>
>Documentation is an essential part of any software project, but especially for FOSS projects, as it can be a significant barrier to entry for new users and contributors if it is not well written and organized.
>
>The goal of this challenge is to make FOSS projects more accessible to new users and contributors through improved documentation and better knowledge management. Participants will improve the documentation for a FOSS infrastructure project of their choice and ensure that it is clear, concise, up-to-date, and accurate.

although that might apply more to other projects it also applies to ffmpeg.

more info for securing your FOSS project:
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/

-compn
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/13/24 1:15 PM, Michael Niedermayer wrote:
> so there are no unlabeled keys, it's all there just not in a machine parsable list
> for example your key addition looks like this:

I see. If everyone who has access is known then I don't see any issue with disabling push access to accounts that have made no commits in a decade, and I don't believe anyone has objected to that either. (As you mentioned, if they become active we can re-add them.)

- Leo Izen (Traneptora)
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi,

On Wed, Nov 13, 2024 at 3:45 PM compn wrote:
> people are using XV as an example, sure.

(I think you meant xz.)

Ronald
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Wed, 13 Nov 2024 12:29:22 -0500 Leo Izen wrote:
> Yes, clearly, but an issue has come up that apparently we don't know who has access to our infrastructure. How do we not know this?

no. the server admins know who has access. the access list isn't a public document. some developers want it to be a public document.
i don't particularly care if the list is public or not.

i am curious to know why this is now an important issue, though.

people are using XV as an example, sure. but XV is not ffmpeg. although i guess a distro could always tie ffmpeg and ssh into systemd because they have no brains.

backdoors get installed in software all the time. and hardware.

to prevent an XV type backdoor in the future, separate source code from binary testfiles in all open source projects. it's difficult to hide an exploit like that in source code, but much easier when you can throw a big binary blob in the repo.

-compn
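The mitigation compn proposes above (keep binary test files apart from source, so a blob cannot quietly land next to code) can be enforced mechanically. The following is an added example, not FFmpeg's tooling or compn's code: it applies git's own text/binary heuristic (a NUL byte within the first 8000 bytes) to a constructed set of files and flags any binary that sits outside a designated test-data prefix, plus any binary too large to review. The prefix, the size limit, the sample tree and the function names are all assumptions made for the example; in a real pre-receive hook the contents would come from the pushed tree.

```python
"""Flag binary files that land outside the designated test-data area.

Added example, not FFmpeg's own tooling. The policy values and the
sample tree below are constructed for illustration.
"""

# Git's text/binary heuristic: a NUL byte within the first 8000 bytes.
PROBE_BYTES = 8000
# Constructed policy: binaries are only expected under these prefixes,
# and a binary larger than this is flagged even inside them.
ALLOWED_BINARY_PREFIXES = ("tests/data/",)
MAX_BINARY_SIZE = 1024 * 1024  # 1 MiB


def is_binary(data):
    """Mirror git's detection: NUL in the first PROBE_BYTES means binary."""
    return b"\x00" in data[:PROBE_BYTES]


def flag_binary_blobs(files, allowed_prefixes=ALLOWED_BINARY_PREFIXES,
                      max_size=MAX_BINARY_SIZE):
    """Map each problematic repository path to the reason it was flagged.

    `files` maps repository paths to file contents. Text files are never
    flagged, however large or odd their encoding, because the concern is
    specifically content that a reviewer cannot read in a diff.
    """
    findings = {}
    for path, data in sorted(files.items()):
        if not is_binary(data):
            continue
        if not path.startswith(allowed_prefixes):
            findings[path] = "binary file outside test-data area"
        elif len(data) > max_size:
            findings[path] = "binary file larger than %d bytes" % max_size
    return findings


# Constructed sample tree (hypothetical paths and contents).
SAMPLE_FILES = {
    "libavcodec/h264dec.c": b"#include <stdint.h>\nint decode(void) { return 0; }\n",
    # Non-ASCII text is still text: no NUL byte, so it is not flagged.
    "doc/general.texi": "@chapter Überblick\n".encode("utf-8"),
    # A sample where binaries belong: EBML header followed by padding.
    "tests/data/sample.mkv": b"\x1a\x45\xdf\xa3" + b"\x00" * 512,
    # A blob sitting among source files: flagged.
    "libavformat/probe.dat": b"\x00\x01\x02\x03" * 64,
    # In the right place but too large to review: flagged.
    "tests/data/huge.bin": b"\x00" * (MAX_BINARY_SIZE + 1),
}

if __name__ == "__main__":
    for path, reason in flag_binary_blobs(SAMPLE_FILES).items():
        print("%s: %s" % (path, reason))
```

The NUL-byte probe is the same rule git uses when it decides to print "Binary files differ", so a file this check flags is exactly one a reviewer would have been unable to read in the diff.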
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi Traneptora

On Wed, Nov 13, 2024 at 12:29:22PM -0500, Leo Izen wrote:
> On 11/9/24 11:18 AM, Michael Niedermayer wrote:
> > Hi all
> >
> > Should we disable git accounts for developers who have not been active since a long time (like 10 years) ?
> >
> > (if these developers come back, the account would then be enabled again) but disabling such accounts may improve security (lots of "if" here but assuming they lose their key, assuming whoever gets hold of the key has interest and ability to attack ffmpeg and and and, the risk here is likely low but not 0)
> >
> > thx
>
> Yes, clearly, but an issue has come up that apparently we don't know who has access to our infrastructure. How do we not know this?
>
> When michael gave me push access, he asked for my SSH public key, presumably to add to an authorized_keys file somewhere. I presume since he has write access to this file, he can also read it.

We use gitolite
gitolite uses git itself to track all changes to who has what access to what repository

There is an authorized_keys file but that is built by hooks from gitolite out of the gitolite config and keys.

previously gitosis was used but it's basically the same

so there are no unlabeled keys, it's all there just not in a machine parsable list
for example your key addition looks like this:

commit 149f636328a060c814a429af7e4df40ad20e0e4d (origin/master, origin/HEAD, last-master)
Author: Michael Niedermayer
Date:   Tue Jan 24 18:01:21 2023 +0100

    Add Leo Izen to FFmpeg

    Signed-off-by: Michael Niedermayer

 gitosis.conf       | 2 +-
 keydir/leoizen.pub | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Democracy is the form of government in which you can choose your dictator
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/9/24 11:18 AM, Michael Niedermayer wrote:
> Hi all
>
> Should we disable git accounts for developers who have not been active since a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again) but disabling such accounts may improve security (lots of "if" here but assuming they lose their key, assuming whoever gets hold of the key has interest and ability to attack ffmpeg and and and, the risk here is likely low but not 0)
>
> thx

Yes, clearly, but an issue has come up that apparently we don't know who has access to our infrastructure. How do we not know this?

When michael gave me push access, he asked for my SSH public key, presumably to add to an authorized_keys file somewhere. I presume since he has write access to this file, he can also read it.

I'd imagine that some of these keys are not labeled who they belong to, which is why we don't know. If the keys were all labeled we'd know who they all belong to. But regardless, I don't think anybody is opposed to having michael go through and check which keys haven't been used in 10 years and removing them from that authorized_keys file. I'd even say that we may go as far and remove *every* key that is unlabeled unless we can clearly establish who it belongs to and label it as such. We need to know who these keys belong to so we can contact those people if necessary or know who they are at all.

- Leo Izen (Traneptora)
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi

On Sun, Nov 10, 2024 at 07:44:11PM +0100, Michael Niedermayer wrote:
> Hi all
>
> On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> > Hi all
> >
> > Should we disable git accounts for developers who have not been active since a long time (like 10 years) ?
> >
> > (if these developers come back, the account would then be enabled again) but disabling such accounts may improve security (lots of "if" here but assuming they lose their key, assuming whoever gets hold of the key has interest and ability to attack ffmpeg and and and, the risk here is likely low but not 0)
>
> I count currently 127 people with git write access
> above suggestion would disable around 33 accounts.
>
> I cannot show the list because of GDPR
> but the remaining 127-33 accounts are on this list:
> git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | sort | uniq
>
> Note that above command will not produce a clean list. It requires manual cleanup, "Commit:" is just a text field and not everything that's in that field has or had a write account. But I cannot post people's names or email addresses
>
> If i hear no one objecting to this (and there are already multiple people in favor) then i will disable the 33 accounts in a few days

I have rechecked this situation and IIUC the GDPR has some exceptions for cases where it's in the public interest. I think listing who has git write of a public project like FFmpeg is in the public interest and that transparency weighs heavier

So here's the list of people who will have git write access after dormant accounts are disabled. All the ones here were active in the last 10 years as a committer in FFmpeg. No one is added, everyone from this list had access before

mstorsjo ajacobs akhirnov cehoyos ngeorge thardin rdoeffinger rsbultje
mniedermayer pross rpinochet ssabatini bcoudurier ahannula rpolla compn
benoit philipl gbeauchesne ubitux beastd durandal daemon404 pasteeater wm4
jamrial lukaszm jzern andreasc timo rostislav nevcairiel claudio gramner cus
thilo pedro arttu vesselin timothygu mattoliver rcombs mateo gajjanag kierank
jamesdarnley tvolkert mfaiz rkern kswanson jkqxz josh pburt jansebechlebsky
aconverse stevenliu mjbshaw bangnoise vittorio tobiasrapp agupta foo86 jeeb
martinv jorge kjeyapal junzhao gyan pavel lizhong laurikasanen songruiling
yejunguo hwren jluthra agelman arheinhardt lmwang linjiefu zanevi shutchinson
haihao haasn zhilizhao leoizen pal courmisch lynne dmitrii nuomi bsmith
feiwan ePirat marth64

(some people above have 2 keys, these duplicates were removed)

I intend to wait a few more days before updating the list so people can review this. Mistakes are not impossible as i had to match these to the emails from git by hand

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being governed by those who are dumber. -- Plato
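Michael's procedure has two parts that appear in this thread: the committer list comes from `git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | sort | uniq`, and the keys themselves live in a gitolite keydir whose additions are tracked as commits (the "Add Leo Izen" commit touching `keydir/leoizen.pub` in his reply to Traneptora). The review is then a reconciliation between the two, with the caveat he gives that `Commit:` is free text and has to be matched to key owners by hand. The code below is an added example, not FFmpeg's or Michael's tooling: it parses a constructed `--pretty=fuller` excerpt, keeps only committers (not authors, since only the person who pushed needed write access) whose `CommitDate` falls inside the window, and compares them with a constructed keydir-to-email mapping. The reference date, the sample log, the keydir mapping and the function names are all assumptions of the example. Keys with no committer activity inside the window are the candidates to disable; committers with no key on file are listed separately, since those are the hand-matching cases Michael describes rather than accounts to remove.

```python
"""Reconcile a gitolite-style key directory against recent git committers.

Added example, not FFmpeg's own tooling. The git log excerpt, the key
directory and the reference date below are constructed for illustration.
"""
import re
from datetime import datetime, timezone

# Constructed excerpt in the shape of `git log --first-parent --pretty=fuller`.
SAMPLE_LOG = """\
commit 0000000000000000000000000000000000000001
Author:     Alice Example <alice@example.org>
AuthorDate: Mon Nov 4 10:00:00 2024 +0100
Commit:     Alice Example <alice@example.org>
CommitDate: Mon Nov 4 10:00:00 2024 +0100

    lavc: constructed commit one

commit 0000000000000000000000000000000000000002
Author:     Carol Contributor <carol@example.net>
AuthorDate: Tue Jan 10 09:00:00 2023 +0000
Commit:     Bob Example <bob@example.org>
CommitDate: Tue Jan 10 09:30:00 2023 +0000

    lavf: constructed commit two, authored by carol, pushed by bob

commit 0000000000000000000000000000000000000003
Author:     Frank Import <frank@example.com>
AuthorDate: Fri Jun 7 08:00:00 2019 +0000
Commit:     Frank Import <frank@example.com>
CommitDate: Fri Jun 7 08:00:00 2019 +0000

    build: constructed commit three, committer has no key on file

commit 0000000000000000000000000000000000000004
Author:     Dave Example <dave@example.org>
AuthorDate: Sat Mar 2 12:00:00 2013 +0100
Commit:     Dave Example <dave@example.org>
CommitDate: Sat Mar 2 12:00:00 2013 +0100

    lavu: constructed commit four, older than the window
"""

# Constructed keydir: gitolite key file name -> e-mail recorded by the admin
# when the key was added. gitolite stores only the key, so this mapping is
# what has to be maintained by hand (the "matched by hand" step in the thread).
KEYDIR = {
    "alice.pub": "alice@example.org",
    "bob.pub": "bob@example.org",
    "dave.pub": "dave@example.org",
    "erin.pub": "erin@example.org",  # key on file, never appears as committer
}

# Constructed reference point: ten years before the thread's date.
SINCE = datetime(2014, 11, 13, tzinfo=timezone.utc)

# `^Commit:` (with the colon) does not match the `CommitDate:` line.
COMMIT_RE = re.compile(r"^Commit:\s+.*<(?P<email>[^>]+)>\s*$")
DATE_RE = re.compile(r"^CommitDate:\s+(?P<date>.+?)\s*$")


def active_committers(log_text, since):
    """Return the set of committer e-mails with a CommitDate on or after `since`.

    Only the Commit: field counts, not Author:, because only the person who
    pushed needed write access. Commit: is free text, so the result still
    has to be reconciled against the key directory.
    """
    active = set()
    pending = None
    for line in log_text.splitlines():
        m = COMMIT_RE.match(line)
        if m:
            pending = m.group("email").strip().lower()
            continue
        m = DATE_RE.match(line)
        if m and pending is not None:
            when = datetime.strptime(m.group("date"), "%a %b %d %H:%M:%S %Y %z")
            if when >= since:
                active.add(pending)
            pending = None
    return active


def dormant_keys(keydir, active):
    """Key files whose recorded owner has no commit inside the window."""
    return sorted(k for k, email in keydir.items() if email.lower() not in active)


def unmatched_committers(active, keydir):
    """Committers inside the window with no key on file: needs manual review."""
    known = {email.lower() for email in keydir.values()}
    return sorted(active - known)


if __name__ == "__main__":
    active = active_committers(SAMPLE_LOG, SINCE)
    print("active committers:", sorted(active))
    print("keys to disable:  ", dormant_keys(KEYDIR, active))
    print("needs review:     ", unmatched_committers(active, KEYDIR))
```

Two design points follow from the thread. Disabling rather than deleting keeps the re-enable path Michael promises cheap, so the output is a list of key files to move aside, not to destroy. And the "needs review" bucket exists precisely because the `Commit:` field is not an identity: a committer e-mail with no key on file may be a renamed address or an old import, and that is resolved by a person, not by the script.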
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Wed, 13 Nov 2024, 00:10 Michael Niedermayer, wrote:
> Hi
>
> On Tue, Nov 12, 2024 at 10:38:09PM +, Kieran Kunhya via ffmpeg-devel wrote:
> > On Tue, 12 Nov 2024, 21:03 Michael Niedermayer, wrote:
> > > On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> > > > On 11/12/2024 5:07 PM, James Almer wrote:
> > > > > I personally don't agree with giving the domain/trademark to the general assembly, as some have argued. It's just not safe at all.
> > > >
> > > > Sorry, I didn't necessarily mean giving it to the GA. I mean having it in a better state than being held hostage by someone who hasn't been around in 20 years and only talks to one person.
> > > >
> > > > It essentially gives that one person the ability to hold the whole project hostage.
> > >
> > > This statement is true for every case where a person holds a trademark or domain
> > > It's also true for every legal entity holding them, as said legal entity is generally controlled by one person at some level.
> >
> > It's possible to have entities where no single person is in control.
>
> which then have a single person applying their decision. Again a single person who holds the password for the domain registrar.
>
> One can stack more and more complexity to battle all this. But to go back to the start. The domain and trademark owner has not abused his power ever in the whole lifetime of the project. Some people maybe don't trust anyone they have not personally met, but that is unsolvable unless you limit the size of the community, there will always be community members who never met.
>
> > Most importantly though, if one person is in control, it's documented and legally required to be on the public record.
>
> In the past the community preferred not to publicly list individuals so as to make the project and its members harder to attack.
>
> Also everyone in the community knows who owns the domain and trademark.

Who owns avcodec.org? As Derek says this domain also matters.

Kieran
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi Kyle

On Tue, Nov 12, 2024 at 02:09:25PM -0800, Kyle Swanson wrote:
> Hi,
>
> Should we consult with someone (a professional) outside of FFmpeg to assess the situation and provide a set of recommendations? This would be money well spent IMO.

I do have a list of ideas from people (not the quite vocal people in the recent threads) about infra. And i intend to go through that list. (which will take time)

That said, more ideas are certainly welcome. (please send any and all ideas about improving infra to me and or to ffmpeg-devel, only nice and polite mails welcome)

A proper review/audit of our infra is not a bad idea. But that should be done after we ourselves have reviewed and evaluated suggestions we have come up with ourselves. So we don't waste money on things we can find ourselves.

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your right to say it. -- Voltaire
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi

On Tue, Nov 12, 2024 at 10:38:09PM +, Kieran Kunhya via ffmpeg-devel wrote:
> On Tue, 12 Nov 2024, 21:03 Michael Niedermayer, wrote:
> > On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> > > On 11/12/2024 5:07 PM, James Almer wrote:
> > > > I personally don't agree with giving the domain/trademark to the general assembly, as some have argued. It's just not safe at all.
> > >
> > > Sorry, I didn't necessarily mean giving it to the GA. I mean having it in a better state than being held hostage by someone who hasn't been around in 20 years and only talks to one person.
> > >
> > > It essentially gives that one person the ability to hold the whole project hostage.
> >
> > This statement is true for every case where a person holds a trademark or domain
> > It's also true for every legal entity holding them, as said legal entity is generally controlled by one person at some level.
>
> It's possible to have entities where no single person is in control.

which then have a single person applying their decision. Again a single person who holds the password for the domain registrar.

One can stack more and more complexity to battle all this. But to go back to the start. The domain and trademark owner has not abused his power ever in the whole lifetime of the project. Some people maybe don't trust anyone they have not personally met, but that is unsolvable unless you limit the size of the community, there will always be community members who never met.

> Most importantly though, if one person is in control, it's documented and legally required to be on the public record.

In the past the community preferred not to publicly list individuals so as to make the project and its members harder to attack.

Also everyone in the community knows who owns the domain and trademark.

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

During times of universal deceit, telling the truth becomes a revolutionary act. -- George Orwell
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Tue, 12 Nov 2024, 21:03 Michael Niedermayer, wrote:
> On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> > On 11/12/2024 5:07 PM, James Almer wrote:
> > > I personally don't agree with giving the domain/trademark to the general assembly, as some have argued. It's just not safe at all.
> >
> > Sorry, I didn't necessarily mean giving it to the GA. I mean having it in a better state than being held hostage by someone who hasn't been around in 20 years and only talks to one person.
> >
> > It essentially gives that one person the ability to hold the whole project hostage.
>
> This statement is true for every case where a person holds a trademark or domain
> It's also true for every legal entity holding them, as said legal entity is generally controlled by one person at some level.

It's possible to have entities where no single person is in control.

Most importantly though, if one person is in control, it's documented and legally required to be on the public record.

Kieran
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Tue, Nov 12, 2024 at 05:32:40PM +, Derek Buitenhuis wrote:
> On 11/12/2024 5:07 PM, James Almer wrote:
> > I personally don't agree with giving the domain/trademark to the general assembly, as some have argued. It's just not safe at all.
>
> Sorry, I didn't necessarily mean giving it to the GA. I mean having it in a better state than being held hostage by someone who hasn't been around in 20 years and only talks to one person.
>
> It essentially gives that one person the ability to hold the whole project hostage.

This statement is true for every case where a person holds a trademark or domain
It's also true for every legal entity holding them, as said legal entity is generally controlled by one person at some level.

Thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal. -- Aristotle
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi,

Should we consult with someone (a professional) outside of FFmpeg to assess the situation and provide a set of recommendations? This would be money well spent IMO.

Thanks,
Kyle
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Tue, 12 Nov 2024 16:46:42 + Derek Buitenhuis wrote:
> On 11/11/2024 7:34 PM, compn wrote:
> > if your goal is to post old quotes, that's cool.
>
> Woosh.

the quotes are from michael in 2015 saying elect a new leader. pretty sure we never elected one.

feel free to start a vote.

> > one of my goals is to make sure that certain developers, who made their own project and then ran it into the ground, aren't made as admins again. they had a good run but couldn't even make an announcement that their project had died. the last one out did not turn out the lights.
>
> I appreciate you going mask off.
>
> I don't consider this at all acceptable behavior.

my personal opinion of who can be root in our project is not acceptable behavior? feel free to explain.

i don't think you were an admin there, i wasn't including you in that list. although since you are listed as a member on https://github.com/libav/ , and you asked to be root @ ffmpeg, i'm asking you to do an administrative task and either update that github repo or take the steps to close it down.

i asked you in person at vdd last week if you met the requirements to administer ffmpeg (which iirc is just bare minimum "do you have 1+ years of server administration experience"), and you declined to tell me if you met the requirements. which is fine, no one has to tell me anything.

not answering simple questions in person, and not updating old github repositories makes me less inclined to vote for you as an administrator in the future. in my personal opinion.

-compn
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Tue, 12 Nov 2024 17:30:57 + Derek Buitenhuis wrote:
> On 11/12/2024 5:05 PM, James Almer wrote:
> > This is not true. I have write access to the website, for example,
> > as do others. And Michael cuts releases because he was given the
> > task, not because nobody else can or want. And nobody prevents
> > anyone from just fetching a git tag instead (Distros like Arch do,
> > after all).
>
> It is true, he has access to do all of it. Just because others do,
> doesn't mean he can't. I am not saying he *will*, I'm using it as an
> example of the issue.

concern trolling?

you're concerned about one developer adding in a backdoor, so the solution is to add more developers? if you don't trust the 1 how would you trust the n+1 or the n-1? just because they meet you in person and watch you eat a bunch of mosquitos at a dinner? that's your level of security? it's fine, i'm just curious.

(you'd think korea would have superior anti-mosquito technology by now)

-compn
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi,

On 12 November 2024 19:07:56 GMT+02:00, James Almer wrote:
> On 11/12/2024 1:58 PM, Derek Buitenhuis wrote:
> > Answers aren't sufficient or complete, and you purposely avoid giving
> > community power over the infrastructure, domains, or trademark. It is
> > solely at your discretion.
>
> I personally don't agree with giving the domain/trademark to the general
> assembly, as some have argued. It's just not safe at all.

I don't think that Derek meant that literally. The GA is not a legal entity so it can't hold a domain name or a trademark in the first place, or for that matter physical servers or hosting service contracts. Just like the bank account, these things should be held by a non-profit - preferably the same one that already has the bank account(s).

I think Derek's point is what the governance should be, not what the legal ownership should be.

> I do however think the infrastructure needs clarifications and transparency.
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 5:05 PM, James Almer wrote:
> This is not true. I have write access to the website, for example, as do
> others. And Michael cuts releases because he was given the task, not
> because nobody else can or want. And nobody prevents anyone from just
> fetching a git tag instead (Distros like Arch do, after all).

It is true, he has access to do all of it. Just because others do, doesn't mean he can't. I am not saying he *will*, I'm using it as an example of the issue.

> Also, the xz fiasco is precisely what prompted him to write a script to
> compare the contents of tarballs with their respective git tags, and a
> patch for the security page on the website. It's on the ML.

Not discoverable, for sure.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 5:07 PM, James Almer wrote:
> I personally don't agree with giving the domain/trademark to the general
> assembly, as some have argued. It's just not safe at all.

Sorry, I didn't necessarily mean giving it to the GA. I mean having it in a better state than being held hostage by someone who hasn't been around in 20 years and only talks to one person. It essentially gives that one person the ability to hold the whole project hostage.

> I do however think the infrastructure needs clarifications and transparency.

[...]

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 1:58 PM, Derek Buitenhuis wrote:
> Answers aren't sufficient or complete, and you purposely avoid giving
> community power over the infrastructure, domains, or trademark. It is
> solely at your discretion.

I personally don't agree with giving the domain/trademark to the general assembly, as some have argued. It's just not safe at all.

I do however think the infrastructure needs clarifications and transparency.
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/12/2024 1:58 PM, Derek Buitenhuis wrote:
> For example, right now, one person (you) has the ability to cut releases,
> modify the website, sign the tarballs, etc. It's all you. I'm sure that's
> great in your mind, as you deem yourself trustworthy. From our end, nothing
> stops it from being xz part 2. There is no way to know the tarballs are
> un-tampered with, other than trusting you.

This is not true. I have write access to the website, for example, as do others. And Michael cuts releases because he was given the task, not because nobody else can or want. And nobody prevents anyone from just fetching a git tag instead (Distros like Arch do, after all).

Also, the xz fiasco is precisely what prompted him to write a script to compare the contents of tarballs with their respective git tags, and a patch for the security page on the website. It's on the ML.
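An added example of the kind of tarball-versus-tag check the mail above refers to. It is not the script posted on the ML and not FFmpeg's own tooling; it assumes only that both archives carry a single top-level version directory (a placeholder "ffmpeg-X.Y/" here), and both archives are constructed in memory so the comparison runs offline.

```python
"""Compare a release tarball with the `git archive` output of its git tag.

Added example, not the script mentioned in the thread. For a real release
you would pass the bytes of the downloaded tarball and of
`git archive --format=tar --prefix=<dir>/ <tag>`; here both trees are
constructed sample data.
"""
from __future__ import annotations

import hashlib
import io
import tarfile


def _digest_tree(archive_bytes: bytes) -> dict[str, str]:
    """Map every regular file in a tar archive to the SHA-256 of its contents.

    The leading path component (the "ffmpeg-X.Y/" prefix) is stripped so that
    archives built with different --prefix values still line up; comparing by
    content hash rather than by file name is what catches a silently edited
    file such as a regenerated configure script.
    """
    tree: dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # directories and symlinks carry no payload to hash
            path = member.name.split("/", 1)[1] if "/" in member.name else member.name
            f = tar.extractfile(member)
            if f is None:
                continue
            tree[path] = hashlib.sha256(f.read()).hexdigest()
    return tree


def compare_tarball_with_tag(release_tar: bytes, tag_tar: bytes) -> dict[str, list[str]]:
    """Return paths only in the tarball, paths missing from it, and paths whose
    contents differ from the tag. An empty result on all three is the only
    outcome that means "the tarball is what git says it is"."""
    release, tag = _digest_tree(release_tar), _digest_tree(tag_tar)
    return {
        "only_in_tarball": sorted(set(release) - set(tag)),
        "missing_from_tarball": sorted(set(tag) - set(release)),
        "modified": sorted(p for p in set(release) & set(tag) if release[p] != tag[p]),
    }


def build_tar(files: dict[str, bytes]) -> bytes:
    """Constructed helper: pack {path: contents} into an uncompressed tar in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample trees with a placeholder version directory; not real FFmpeg content.
TAG_TREE = {
    "ffmpeg-X.Y/configure": b"#!/bin/sh\necho configure\n",
    "ffmpeg-X.Y/libavcodec/utils.c": b"int avcodec_dummy(void) { return 0; }\n",
    "ffmpeg-X.Y/doc/infra.txt": b"infrastructure notes\n",
}
RELEASE_TREE = {
    # same name as in the tag, but the contents drifted
    "ffmpeg-X.Y/configure": b"#!/bin/sh\necho configure\nunexpected_extra_step\n",
    "ffmpeg-X.Y/libavcodec/utils.c": TAG_TREE["ffmpeg-X.Y/libavcodec/utils.c"],
    # a file that exists only in the shipped tarball, never in git
    "ffmpeg-X.Y/m4/only-in-tarball.m4": b"dnl not tracked in git\n",
    # doc/infra.txt is deliberately absent, so it is reported as missing
}


def demo() -> dict[str, list[str]]:
    """Run the comparison on the constructed trees."""
    return compare_tarball_with_tag(build_tar(RELEASE_TREE), build_tar(TAG_TREE))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or '(none)'}")
```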
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/11/2024 7:34 PM, compn wrote:
> if your goal is to post old quotes, that's cool.

Woosh.

> one of my goals is to make sure that certain developers, who made their
> own project and then ran it into the ground, aren't made as admins
> again. they had a good run but couldn't even make an
> announcement that their project had died. the last one out, did not
> turn out the lights.

I appreciate you going mask off.

I don't consider this at all acceptable behavior.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/11/2024 7:33 PM, Michael Niedermayer wrote:
> > This only convinces me further that this whole setup isn't fit for
> > purpose, and is being run by people who have no concept of actual
> > security. This is totally insane.

Honestly, this is so exhausting and painful, I dread responding. I know you cannot be convinced, per previous mails. Probably why most others stay silent on the list but complain in person, lest they draw the insanity on themselves.

> So "publicly listing every admin's and server owner's (where it's not the
> company) name" is the normal and sane thing and not listing them publicly
> is totally insane?

Yes.

> Do I understand this correctly?

Doubtful.

> If so, then I am sure that every security related company lists these
> publicly? Likewise the FBI, financial institutions, and so forth.

Strawman.

> These are organisations where security is very important, but none of them
> lists server owners and admins publicly. And I am not even sure what they
> would do if you called them and asked, but they probably would ask you for
> your name, intent and at least internally report this without answering your
> question.

None of these things are community run open source projects, and your comparisons are nuts. Even if you don't think they should be publicly known (which I disagree with), they should be known to the project itself outside of your Michael-approved cabal.

> But let's go back to the original question
> 1. what exact information do you ask for ?

Complete list of infra, where it is hosted, who has what access (physical and remote/software). This is what VideoLAN does. Yes, I know you are paranoid as hell about a "VideoLAN/j-b takeover", which is... well, others can judge.

> 2. why ?

See previous endless mails and discussion.

> 3. what do you intend to do with this information ?

This info is pertinent for a lot of security and stability reasons.

For example, right now, one person (you) has the ability to cut releases, modify the website, sign the tarballs, etc. It's all you. I'm sure that's great in your mind, as you deem yourself trustworthy. From our end, nothing stops it from being xz part 2. There is no way to know the tarballs are un-tampered with, other than trusting you.

I'm sure this makes perfect sense if you agree with the whole "michael, a person nobody has ever met, and nobody agreed to give absolute power, is trustworthy and infallible" thing, but I sure don't. It's a fiefdom that you rule.

> 4. The names of the developers providing the infra have been provided before,
> did you look through past discussion?

The list is not complete even back then, and it was not documented since.

> 5. Do you ask these questions to every project or just FFmpeg ?
>    (i have been told these questions only happen toward FFmpeg, can you
>    explain why ?)

Every serious and large open source project has this responsibility. We're not some rag tag show, we're a project used by every big company on Earth.

> Last years I tried to simply answer all the questions, but that didn't make
> anyone happy. I must be missing something.

Answers aren't sufficient or complete, and you purposely avoid giving community power over the infrastructure, domains, or trademark. It is solely at your discretion.

> I mean we can go through the whole again if people want but I really
> think most developers would prefer to work on the code and project instead.

Yes, I suppose you're banking on the silence == complicity aspect of this.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Mon, 11 Nov 2024 18:17:11 + Kieran Kunhya via ffmpeg-devel wrote:
> On Mon, Nov 11, 2024 at 5:31 PM compn wrote:
> >
> > what is your goal?
> >
> > thanks
> > -compn
>
> Here are some quotes presented without comment:

if your goal is to post old quotes, that's cool.

one of my goals is to make sure that certain developers, who made their own project and then ran it into the ground, aren't made as admins again. they had a good run but couldn't even make an announcement that their project had died. the last one out, did not turn out the lights.

that to me is insane. that project was community run, with absolute voting made on every decision. what went wrong there? all i see is Kieran's last mail https://www.mail-archive.com/libav-devel@libav.org/msg85112.html and the community run github has not been updated to say its status either https://github.com/libav/libav

that's why i'm asking you and derek what your goals are. is your goal to turn ffmpeg into a community run admin with lots of voting? well didn't that other project (that shall not be named) do exactly that? and what happened to them? it's gone? gone. dead.

how do you keep a community run project going if there is no paid organization behind it? and who turns out the lights at the end?

i think that would be a good goal for derek and the others here to do. figure out how to turn off the old github https://github.com/libav/libav . turn out the lights.

greets
-compn
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi

On Mon, Nov 11, 2024 at 05:00:42PM +, Derek Buitenhuis wrote:
> On 11/11/2024 4:42 PM, Michael Niedermayer wrote:
> > Publicly listing which developer provides which part of the DNS infra
> > makes it easier to attack not harder.
> > That said, I suspect who provides what was mentioned in the past already
>
> It is already publicly available info to anyone who can look up an IP.

Then what is this discussion about? (If all people's names can be found easily)

> > If an attacker doesn't know who provides a server then the attacker can only
> > attack the server directly via its name and IP.
> > If an attacker knows who owns the server then he can perform a wide
> > range of additional attacks. For example
> > Impersonating that developer towards the server hoster, or if the attacker
> > can figure out the phone number of the developer then sim swapping becomes
> > possible. From that various other accounts can then be taken over and
> > Once an attacker is in control of phone and email of someone further
> > account compromises become increasingly easy.
> >
> > I do not think we would be doing FFmpeg a service or improve security
> > by listing everyone's names in a public file. Even if most of this
> > probably was said publicly already, having it in one single place
> > makes it even easier for an attacker
>
> This only convinces me further that this whole setup isn't fit for purpose,
> and is being run by people who have no concept of actual security. This is
> totally insane.

So "publicly listing every admin's and server owner's (where it's not the company) name" is the normal and sane thing and not listing them publicly is totally insane?

Do I understand this correctly?

If so, then I am sure that every security related company lists these publicly? Likewise the FBI, financial institutions, and so forth.

These are organisations where security is very important, but none of them lists server owners and admins publicly. And I am not even sure what they would do if you called them and asked, but they probably would ask you for your name, intent and at least internally report this without answering your question.

But let's go back to the original question
1. what exact information do you ask for ?
2. why ?
3. what do you intend to do with this information ?
4. The names of the developers providing the infra have been provided before, did you look through past discussion?
5. Do you ask these questions to every project or just FFmpeg ?
   (i have been told these questions only happen toward FFmpeg, can you explain why ?)

Last years I tried to simply answer all the questions, but that didn't make anyone happy. I must be missing something.

I mean we can go through the whole again if people want but I really think most developers would prefer to work on the code and project instead.

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that has oil, kill hundred thousand in war. Let country fall into chaos, be surprised about rise of fundamentalists. Drop more bombs, kill more people, be surprised about them taking revenge and drop even more bombs and strip your own citizens of their rights and freedoms. to be continued
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Mon, Nov 11, 2024 at 5:31 PM compn wrote:
>
> On Mon, 11 Nov 2024 17:00:42 + Derek Buitenhuis wrote:
>
> > This only convinces me further that this whole setup isn't fit for
> > purpose, and is being run by people who have no concept of actual
> > security. This is totally insane.
>
> I think it would be wiser to point to other administration of other
> projects, especially ones that list infrastructure in some public
> facing document.
>
> rather than
>
> 1. asking for a list of developers with write access
> 2. asking for a list of admins
> 3. when finding some unused developer or admin account, call the whole
> thing insane and blame the current admin
> 4. point at the lack of x, y and z as evidence the current admin is bad
>
> if your goal is to change ffmpeg admins, then just say so.
>
> if your goal is to take maintaining of ffservers so that michael can
> focus on code instead of admin, then just say that.
>
> if your goal is to have the GA run things, then why not have the GA
> vote on the plans to run ffmpeg? the GA can vote on admins, they can
> vote on how to fund the server, they can vote on if they want bulgaria
> to host ffmpeg, they can vote on all of these things and prepare what
> the GA wants into a plan. and then the GA can present the plan and vote
> yay or nay on the plan.
>
> i tried to ask the developers at vdd about this in the meeting but it's
> possible that i didn't phrase it correctly. i apologize for that. i
> asked jb and jb said that videolan is one group that can host ffmpeg,
> at least. so that's an option for the GA to consider, should they not
> like our bulgarian host.
>
> if your goal is to endlessly argue, well that's ok too.
>
> what is your goal?
>
> thanks
> -compn

Here are some quotes presented without comment:

"FFmpeg belongs to the FFmpeg developers and the FFmpeg community!"

"what about root, git admin roles, ...? Well I am happy to pass them on to whoever the community chooses and trusts. But please be very careful who you choose! until someone else is chosen I can continue doing the basic things like security updates and opening git accounts, aka there's no urgency in choosing someone, rather please choose wise than quick."

"FFmpeg is yours, that is everyone's. try your best to make FFmpeg be the best. Post patches, review patches, apply patches, discuss code and design. Report bugs, bisect, debug and fix bugs, add features, help users. Do friendly merges, and if you like do hostile merges. It's all up to you now!"

Regards,
Kieran
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Mon, 11 Nov 2024 17:00:42 + Derek Buitenhuis wrote:
> This only convinces me further that this whole setup isn't fit for
> purpose, and is being run by people who have no concept of actual
> security. This is totally insane.

I think it would be wiser to point to other administration of other projects, especially ones that list infrastructure in some public facing document.

rather than

1. asking for a list of developers with write access
2. asking for a list of admins
3. when finding some unused developer or admin account, call the whole thing insane and blame the current admin
4. point at the lack of x, y and z as evidence the current admin is bad

if your goal is to change ffmpeg admins, then just say so.

if your goal is to take maintaining of ffservers so that michael can focus on code instead of admin, then just say that.

if your goal is to have the GA run things, then why not have the GA vote on the plans to run ffmpeg? the GA can vote on admins, they can vote on how to fund the server, they can vote on if they want bulgaria to host ffmpeg, they can vote on all of these things and prepare what the GA wants into a plan. and then the GA can present the plan and vote yay or nay on the plan.

i tried to ask the developers at vdd about this in the meeting but it's possible that i didn't phrase it correctly. i apologize for that. i asked jb and jb said that videolan is one group that can host ffmpeg, at least. so that's an option for the GA to consider, should they not like our bulgarian host.

if your goal is to endlessly argue, well that's ok too.

what is your goal?

thanks
-compn
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/11/2024 4:42 PM, Michael Niedermayer wrote:
> Publicly listing which developer provides which part of the DNS infra
> makes it easier to attack not harder.
> That said, I suspect who provides what was mentioned in the past already

It is already publicly available info to anyone who can look up an IP.

> If an attacker doesn't know who provides a server then the attacker can only
> attack the server directly via its name and IP.
> If an attacker knows who owns the server then he can perform a wide
> range of additional attacks. For example
> Impersonating that developer towards the server hoster, or if the attacker
> can figure out the phone number of the developer then sim swapping becomes
> possible. From that various other accounts can then be taken over and
> Once an attacker is in control of phone and email of someone further
> account compromises become increasingly easy.
>
> I do not think we would be doing FFmpeg a service or improve security
> by listing everyone's names in a public file. Even if most of this
> probably was said publicly already, having it in one single place
> makes it even easier for an attacker

This only convinces me further that this whole setup isn't fit for purpose, and is being run by people who have no concept of actual security. This is totally insane.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11 November 2024 18:42:37 GMT+02:00, Michael Niedermayer wrote:
> On Mon, Nov 11, 2024 at 10:02:27AM +, Derek Buitenhuis wrote:
> > On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> > > It's there since a long time:
> > > https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt
> >
> > [...]
> >
> > > If something is missing, it's not going to improve on its own.
> > > Someone will have to say _what_ is missing and work toward filling it in.
> >
> > Pretty hard to list infra you don't know exists.
> >
> > For example, I only recently noticed ffmpeg.org goes through avcodec.org DNS:
> >
> > ns1.avcodec.org - telepoint.bg
> > ns2.avcodec.org - KIFU (Government Info Tech Development Agency)
> > ns3.avcodec.org - CDLAN SpA
> >
> > Who owns avcodec.org? Who runs these DNS servers? Who has access? Who has
> > contacts?
> >
> > It's a supply chain attack risk - you could hijack ffmpeg.org per IP or Geo.
>
> Publicly listing which developer provides which part of the DNS infra
> makes it easier to attack not harder.

That's a pretty pathetic excuse, TBH. All it does is make it harder to find whom to contact about whatever issue, and whose stale credentials to purge from what service. It also removes accountability, which is pretty much never a good thing overall.

And lastly, if the security of a piece of infrastructure is contingent on not knowing who has access to it, then that's a major problem of its own anyway.
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Mon, Nov 11, 2024 at 10:02:27AM +, Derek Buitenhuis wrote:
> On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> > It's there since a long time:
> > https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt
>
> [...]
>
> > If something is missing, it's not going to improve on its own.
> > Someone will have to say _what_ is missing and work toward filling it in.
>
> Pretty hard to list infra you don't know exists.
>
> For example, I only recently noticed ffmpeg.org goes through avcodec.org DNS:
>
> ns1.avcodec.org - telepoint.bg
> ns2.avcodec.org - KIFU (Government Info Tech Development Agency)
> ns3.avcodec.org - CDLAN SpA
>
> Who owns avcodec.org? Who runs these DNS servers? Who has access? Who has
> contacts?
>
> It's a supply chain attack risk - you could hijack ffmpeg.org per IP or Geo.

Publicly listing which developer provides which part of the DNS infra makes it easier to attack not harder.
That said, I suspect who provides what was mentioned in the past already

If an attacker doesn't know who provides a server then the attacker can only attack the server directly via its name and IP.
If an attacker knows who owns the server then he can perform a wide range of additional attacks. For example
Impersonating that developer towards the server hoster, or if the attacker can figure out the phone number of the developer then sim swapping becomes possible. From that various other accounts can then be taken over and
Once an attacker is in control of phone and email of someone further account compromises become increasingly easy.

I do not think we would be doing FFmpeg a service or improve security by listing everyone's names in a public file. Even if most of this probably was said publicly already, having it in one single place makes it even easier for an attacker

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety -- Benjamin Franklin
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/10/2024 2:59 PM, Michael Niedermayer wrote:
> It's there since a long time:
> https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt

[...]

> If something is missing, it's not going to improve on its own.
> Someone will have to say _what_ is missing and work toward filling it in.

Pretty hard to list infra you don't know exists.

For example, I only recently noticed ffmpeg.org goes through avcodec.org DNS:

ns1.avcodec.org - telepoint.bg
ns2.avcodec.org - KIFU (Government Info Tech Development Agency)
ns3.avcodec.org - CDLAN SpA

Who owns avcodec.org? Who runs these DNS servers? Who has access? Who has contacts?

It's a supply chain attack risk - you could hijack ffmpeg.org per IP or Geo.

And this is just one example.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
Hi all

On Sat, Nov 09, 2024 at 05:18:08PM +0100, Michael Niedermayer wrote:
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again)
> but disabling such accounts may improve security (lots of "if" here but
> assuming they lose their key, assuming whoever gets hold of the key
> has interest and ability to attack ffmpeg and and and, the risk here
> is likely low but not 0)

I count currently 127 people with git write access
above suggestion would disable around 33 accounts.

I cannot show the list because of GDPR but the remaining 127-33 accounts are on this list:

git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | sort | uniq

Note that above command will not produce a clean list. It requires manual cleanup, "Commit:" is just a text field and not everything that's in that field has or had a write account. But I cannot post people's names or email addresses

If I hear no one objecting to this (and there are already multiple people in favor) then I will disable the 33 accounts in a few days

Thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being governed by those who are dumber. -- Plato
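An added example, not part of the mail above and not FFmpeg's own tooling, showing the second half of the procedure it describes: take the `git log --pretty=fuller` output, collect the committers seen within the window, and diff that against a roster of write accounts to get the candidates for disabling. The roster and the log text are constructed sample data (no real FFmpeg accounts), and the 10-year window is approximated as 3650 days rather than git's calendar-year arithmetic.

```python
"""Identify dormant git write accounts from `git log --pretty=fuller` output.

Added example. Mirrors the mail's pipeline
    git log --since 10.years --first-parent --pretty=fuller | grep '^Commit:' | sort | uniq
but keys on the committer e-mail address, since "Commit:" is free text and
the same person can appear under several name spellings. Accounts on the
roster with no commit inside the window are the ones to disable.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Lines as printed by --pretty=fuller; "CommitDate:" does not match the first
# pattern because it requires the colon directly after "Commit".
_COMMITTER_RE = re.compile(r"^Commit:\s+(?P<name>.*?)\s*<(?P<email>[^>]+)>\s*$")
_COMMITDATE_RE = re.compile(r"^CommitDate:\s+(?P<date>.+?)\s*$")
_GIT_DATE_FMT = "%a %b %d %H:%M:%S %Y %z"  # git's default date format


def active_committers(log_text: str, now: datetime, years: int = 10) -> dict[str, datetime]:
    """Return {committer_email: most recent commit date} for commits within
    `years` of `now`. Assumption: 365 days per year, close enough to git's
    `--since N.years` for a cutoff that is reviewed by hand anyway."""
    cutoff = now - timedelta(days=365 * years)
    seen: dict[str, datetime] = {}
    pending_email: str | None = None
    for line in log_text.splitlines():
        m = _COMMITTER_RE.match(line)
        if m:
            pending_email = m.group("email").strip().lower()
            continue
        m = _COMMITDATE_RE.match(line)
        if m and pending_email:
            when = datetime.strptime(m.group("date"), _GIT_DATE_FMT)
            if when >= cutoff:
                prev = seen.get(pending_email)
                if prev is None or when > prev:
                    seen[pending_email] = when
            pending_email = None
    return seen


def dormant_accounts(roster: dict[str, str], active: dict[str, datetime]) -> list[str]:
    """`roster` maps git account name -> e-mail. Returns the account names that
    have no commit in `active`; this list still needs manual review, exactly
    as the mail notes, because the roster/e-mail mapping is the weak link."""
    return sorted(acct for acct, email in roster.items() if email.strip().lower() not in active)


# Constructed sample data: four roster accounts, three commits in the log.
ROSTER = {
    "alice": "alice@example.org",
    "bob": "bob@example.org",
    "dave": "dave@example.org",
    "erin": "erin@example.org",   # on the roster, never committed
}
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
Author:     Alice Example <alice@example.org>
AuthorDate: Mon Oct 14 10:00:00 2024 +0200
Commit:     Alice Example <alice@example.org>
CommitDate: Mon Oct 14 10:00:00 2024 +0200

    lavc: constructed sample commit

commit 2222222222222222222222222222222222222222
Author:     Carol Example <carol@example.org>
AuthorDate: Tue Mar 05 12:00:00 2019 +0000
Commit:     Bob Example <BOB@Example.org>
CommitDate: Tue Mar 05 12:00:00 2019 +0000

    fate: constructed sample commit (author differs from committer)

commit 3333333333333333333333333333333333333333
Author:     Dave Example <dave@example.org>
AuthorDate: Wed Jun 04 09:00:00 2014 +0000
Commit:     Dave Example <dave@example.org>
CommitDate: Wed Jun 04 09:00:00 2014 +0000

    old commit, outside the 10-year window
"""
NOW = datetime(2024, 11, 10, tzinfo=timezone.utc)  # constructed reference date


if __name__ == "__main__":
    active = active_committers(SAMPLE_LOG, NOW)
    print("active:", sorted(active))
    print("candidates to disable:", dormant_accounts(ROSTER, active))
```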
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Sun, Nov 10, 2024 at 02:42:18PM +, Derek Buitenhuis wrote:
> On 11/9/2024 6:04 PM, Rémi Denis-Courmont wrote:
> > What most people are concerned about right now is the incomplete
> > documentation of any and all credentials - not just git write access - and
> > more generally the lack of transparency. Once that is sorted out, we can
> > start arguing about what should be revoked.
>
> +1
>
> Not just an incomplete list of credentials, but I don't think we even have a
> complete list of what infra exists within the project.

It's there since a long time:
https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/HEAD:/doc/infra.txt

If something is missing, it's not going to improve on its own.
Someone will have to say _what_ is missing and work toward filling it in.

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Some people wanted to paint the bikeshed green, some blue and some pink.
People argued and fought, when they finally agreed, only rust was left.
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/9/2024 6:04 PM, Rémi Denis-Courmont wrote:
> What most people are concerned about right now is the incomplete
> documentation of any and all credentials - not just git write access - and
> more generally the lack of transparency. Once that is sorted out, we can
> start arguing about what should be revoked.

+1

Not just an incomplete list of credentials, but I don't think we even have a complete list of what infra exists within the project.

- Derek
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Sun, Nov 10, 2024 at 12:18 AM Michael Niedermayer wrote:
>
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again)
> but disabling such accounts may improve security (lots of "if" here but
> assuming they lose their key, assuming whoever gets hold of the key
> has interest and ability to attack ffmpeg and and and, the risk here
> is likely low but not 0)
>
> thx
>

I agree with this operation
Re: [FFmpeg-devel] [RFC] dormant git accounts
On Saturday 9 November 2024, 18.18.08 EET, Michael Niedermayer wrote:
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?

Yes but git is probably the least dangerous of credentials to keep stale. A backdoor getting pushed with a stale and stolen SSH private key would be noticed and rectified in no time.

What most people are concerned about right now is the incomplete documentation of any and all credentials - not just git write access - and more generally the lack of transparency. Once that is sorted out, we can start arguing about what should be revoked.

--
雷米‧德尼-库尔蒙
http://www.remlab.net/
Re: [FFmpeg-devel] [RFC] dormant git accounts
On 11/9/2024 1:18 PM, Michael Niedermayer wrote:
> Hi all
>
> Should we disable git accounts for developers who have not been active since
> a long time (like 10 years) ?
>
> (if these developers come back, the account would then be enabled again)
> but disabling such accounts may improve security (lots of "if" here but
> assuming they lose their key, assuming whoever gets hold of the key
> has interest and ability to attack ffmpeg and and and, the risk here
> is likely low but not 0)

Yes.