[vlc-devel] [RFC] Bounties for VLC

[John Oyler]

On Tue, Aug 14, 2012 at 2:35 AM, Rémi Denis-Courmont <remi at remlab.net> wrote:
> * Lua preferences
>
> This is not feasible. Caching and localization issues are intractable. If a
> genius finds a _correct_ solution, s/he'd deserve more than 1200€.
>
>
> * Lua downloader
>
> This is useless until Lua supports running untrusted which it absolutely does
> not ("Told You So" when extensions were merged). And securing Lua is unsuited
> for a bounty, since there is no way to verify that the hunter understood the
> implication and did the work seriously...

I have a personal interest in making the lua stuff work, with or
without a bounty. I've discovered a few neat tricks that will let me
run a sort of virtual television channel (without having to stream!)
but for the fact that the viewers have to manually install one or more
playlist scripts... that's never going to work.

This doesn't even have to be C code. If I can convince you guys to put
in a lua script as standard for the next release, then whenever a user
opens a URL that contains a playlist they can be prompted to install
it. I've been thinking about how to make that secure... have the
downloader script hash the newly downloaded playlist and check if the
hash is trusted on the Videolan website. We wouldn't even need much of
a backend there... it could be a text file with a list of trusted
playlists.

Whether or not this should be a bounty, I do not know. But don't act
as if this is something that anyone would necessarily take lightly or
that it's something for which there is little implication.