[vlc-devel] [PATCH] smb: try libdsm first

[Alexandre Janniaux]

Hi,

@Thomas, this looks like a good compromise, maybe we can
make the users aware that what they are using is flawed
with possible security issues. I just fear that we might
need as much support efforts as currently because users
won't know how to find it.

On Wed, Oct 16, 2019 at 08:43:38PM +0300, Rémi Denis-Courmont wrote:
> Le keskiviikkona 16. lokakuuta 2019, 14.29.01 EEST Simon Latapie a écrit :
> > Sorry but I still do not understand where the second vulnerability comes
> > from.
>
> Sortry but I do not understand how this patch can be correct. In the best
> case, it will waste three network round trips to fail to negotiate SMB1, which
> is in itself unacceptable, especially now that we have network preparsing.
>

I'm not qualified for the security issue, but the additional
roundtrip issue seems irrelevant to me as the main usage of
SMBv1 for VLC is through NAS server that are on a local
network.

> Fixing a patch is out of scope of a code review.

Fixing a patch is not, but focusing on improvement for the
solution given is precisely highlighted in Videolan's code
of conduct. While it's not cleary written that you MUST,
the common sense and usual review skills on most open
source project would agree that it's a pivotal points for
having sane code review.

> I have no tolerance for a non-developer showing up just to troll a reviewer,
> especially me.

I don't know neither from where you consider Simon as a non
developer nor from where you declare him as a troller. I
don't feel this is really correct on this mailing list.

Please don't close the gap with ad hominen attacks as it is
only bringing bad atmosphere on the table and prevents real
and correct arguments from emerging. Maybe you can just
underline the technical point troubling you in Simon's
message and kindly ask what you expect him to provide in
this thread instead.

Regards,
--
Alexandre Janniaux
Videolabs