[vlc-devel] [PATCH 1/2] cli: remove TCP mode (--rc-host)
Rémi Denis-Courmont
remi at remlab.net
Sun Nov 22 12:52:26 CET 2020
Le sunnuntaina 22. marraskuuta 2020, 13.38.54 EET Alexandre Janniaux a écrit :
> Hi,
>
> On Sat, Nov 21, 2020 at 05:56:18PM +0200, Rémi Denis-Courmont wrote:
> > Le lauantaina 21. marraskuuta 2020, 17.49.43 EET Alexandre Janniaux a
écrit :
> > > Will you remove playlist support because you can add option
> > > afterwards?
> >
> > How does that lead to RCE?
> >
> > > At least with a CVE you would define a threat
> > > model.
> >
> > It's the same threat modeling as with the HTTP interface.
> > There's nothing new here.
> >
> > We've never had meetings to address security issues.
>
> That's plain common sense if you want to avoid conflicts
> with other developers.
Keeping a security hole in desktop releases so that one developer can keep his
mobile debugging workflow is not common sense, no.
--
雷米‧德尼-库尔蒙
http://www.remlab.net/
More information about the vlc-devel
mailing list