It is my understanding that the commenters in FFMPEG's favor believe that Google is doing a disservice by finding these security vulnerabilities, as they require volunteer burden to patch, and that they should either:

1) allow the vulnerabilities to remain undiscovered & unpatched zero-days (stop submitting "slop" CVEs.)

2) supply the patches (which I'm sure the goalpost will move to the maintainers being upset that they have to merge them.)

3) fund the project (including the maintainers who clearly misunderstand the severity of the vulnerabilities and describe them as "slop") (no thank you.)

This entire thread defies logic.



No one is saying #1. No one is arguing against #2. #3 is something all companies with significant reliance on OSS projects should help do.

The only thing that defies logic is how poorly your strawman is constructed.


It appears we are not reading the same thread.



