[vlc-devel] Update on the web plugins
Rémi Denis-Courmont
remi at remlab.net
Wed Mar 30 23:44:29 CEST 2011
Hello,
A few people have asked why Secunia has kept flagging the VLC web plugins as
insecure for several releases (Secunia Advisory SA41810). Unfortunately, I
believe Secunia is correct. The bug that has been disclosed quite a while ago
regarding web plugins is still wide open. Some might argue it is not a
security issue, rather a plain stability problem. But that is kinda
irrelevant. It is a major bug in any case.
Now a side story: I have been a guest speaker on VLC at some small scale
conference in Helsinki a few years ago. There were critics from the audience
about the claimed lower quality/stability of the then latest release
(0.9.something) compared to previous one (I guess 0.8.6). My answer then is
sadly still valid today. Help is more than welcome.
Back to the matter. The web plugins have been mainly developed by one former
VLC developer as part of his job (as I understand). The guy left a few years
ago. The Mozilla and ActiveX plugins have been almost totally unmaintained
since then, and technical debt is accumulating.
As volunteer security contact for the project, I believe I have to keep you
aware of the situation, and issue this call for help. There you go.
Best regards,
--
Rémi Denis-Courmont
More information about the vlc-devel
mailing list