One can argue that for a user it doesn't matter if it's ffmpeg, VLC or something... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

matsemann on July 10, 2013 | parent | context | favorite | on: VLC threatens to sue Secunia over full disclosure

One can argue that for a user it doesn't matter if it's ffmpeg, VLC or something else that's buggy. A user is installing VLC, has probably no knowledge of what ffmpeg is, and it's the use of VLC that exposes the user to the security bug.

As such, it's VLC responsibility to not ship a product that may harm a user's computer, even if the error is not in their code.

jbk on July 10, 2013 [–]

All the known vulnerabilities have been fixed. Which one are you referring to?

matsemann on July 10, 2013 | [–]

None in particular, just the general concept that you are responsible for all the parts in the end product, even if not made by you.

jbk on July 10, 2013 | | [–]

Oh, yes, we agree on that. Which is why we patched FFmpeg for the SWF issue.

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact