[vlc-devel] Playlist item options security et al

Rémi Denis-Courmont rem at videolan.org
Mon Dec 24 19:01:46 CET 2007


Le lundi 24 décembre 2007, Pierre d'Herbemont a écrit :
> On Dec 24, 2007, at 6:35 PM, Pierre d'Herbemont wrote:
> > What about simply lowering the m3u-extvlcopt  Error message to a
> > Dbg message? The freebox module is fine without extvlcopt, and
> > extvlcopt doesn't add much...
>
> hum... Apparently they need:
>
> #EXTVLCOPT:ts-es-id-pid
> #EXTVLCOPT:no-video
> #EXTVLCOPT:audio-track-id=1001
>
> We could simply allow certain 'safe' options, such as those, when
> parsing m3u.

That's what I already stated several times. Indeed, the ASX parser 
already does uses some playlist item options in a similar way. That 
however would NOT work if certain insecure options (such as sout or 
demux-dump) were needed. In this later case, a new 
dedicated "restricted" sout option/plugin seems like the only safe 
solution.

Another option is for Free users to use Free's own wrapper around VLC. 
extvlcopt option can be enabled there.

As with JB's _amazing_ work on the Qt4 plugin and as with human beings 
in general, the unhappy ones are much more noisy (or then nobody likes 
me trying to fix VLC security issues). That won't make me change my 
mind, I've long since grown used to doing ungrateful tasks (cleaning up 
the API and the build system being another ones).

While I'm on it, thanks for those keeping the forums alive, and taking 
care of the servers, ML moderation and builds. Some very much needed 
and ungrateful stuff that I don't do.

Merry Christmas.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071224/3f501dbe/attachment.sig>


More information about the vlc-devel mailing list