[vlc-devel] [PATCH] win32: do not load wininet.dll on startup, it's not a Known DLL

Jean-Baptiste Kempf jb at videolan.org
Wed Mar 29 08:13:07 CEST 2017 

On 29/03/2017 06:48, Pierre Ynard via vlc-devel wrote:
>> And then you break the signature.
> Or you strip/replace it etc...

And then you cannot run on a normal Windows installation.

> But you seem pretty dead set and it would be lost on you anyway.
 > [...]
>  - you're obviously dead set to deny and refute the answer anyway
 > [...]
>> You've already insulted me more than twice in this thread.
> You make it easy!

... I don't even know what to answer to those insults and those obvious 
CoC violations.

>> Once again, you show that you've read absolutely nothing about the
>> issue. So let me explain it again: YOU CANNOT MODIFY KnownDLL LIST!
> I've only read the thread. I don't know if your arguments in the thread
> about the issue count for "absolutely nothing", but according to them,
> it's hard but possible:

It is not possible to change or modify the KnownDLL, unless you are 
Microsoft. Please demonstrate how you can do that. You would be an 
instant millionnaire.

> How about you don't push code and do things with flaws to be attacked?

What part was pushed that has flaws to be attacked?

The whole thing is about to close some of those flaws who exists since 
the earlier years of VLC.

> Oh wait, sorry, that's not how it works, I'm the one required to justify
> myself.

No, you're supposed to not insult or attack people.
Your tone is totally unacceptable, especially since you know almost 
nothing about the issue.

> disqualifies me from contributing an opinion? Is that your point? It's
> true that you have president and CEO authority, meanwhile your fixes got
> pushed, and I got pushed into giving up my dissenting opinion - which
> was of course disqualified anyway. Life is nice.

The difference is that my fixes are based on the Windows knowledge and 
attacks that were actually tested, and your "fixes" (that are not 
existent, btw) are about "it's hard, but it is possible".
Your knowledge of the Windows security is almost non-existent, while 
people worked on specific attack scenarios and vectors.

Also, you suggest to not sign binaries, which makes it impossible to run 
VLC for most people.


-- 
Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device

More information about the vlc-devel mailing list