Yes. But they don’t upstream. Why would they?

cataflam · 2025-11-12T03:24:30 1762917870

Don't they?

https://git.ffmpeg.org/gitweb/ffmpeg.git?a=search&h=HEAD&st=...

justahuman74 · 2025-11-11T20:43:14 1762893794

Great, they can fix the bugs being filed by another part of their company

Ferret7446 · 2025-11-11T20:50:31 1762894231

So would you rather Google have a secure ffmpeg while us plebian individual users continue to have an insecure ffmpeg?

GaryBluto · 2025-11-12T07:37:32 1762933052

It's frustrating to me how many people are siding with FFmpeg here considering how unprofessional and generally asshole-ish they are being.

I feel that this is mostly a kneejerk reaction to AI and Google in general, with people coming up with arguments to support their reaction after already forming an opinion.

NoGravitas · 2025-11-12T14:37:56 1762958276

It's a volunteer project, they have no requirement to be 'professional'. That's basically the root of the whole issue. A hobby project is not a product, and its developers are not vendors. Free software is not a supply chain.

joshuamorton · 2025-11-12T20:10:07 1762978207

> A hobby project is not a product, and its developers are not vendors

But it's developers do offer paid consulting as ffmpeg maintainers, which Google does pay for.

Dylan16807 · 2025-11-12T18:58:45 1762973925

The word "unprofessional" here is muddying the comment more than it helps.

Let's just saying they're being asshole-ish, which is a problem for volunteer projects just as much as non-volunteer ones.

The ffmpeg twitter sucks.

adastra22 · 2025-11-13T00:30:26 1762993826

Because we've worked as open-source maintainers and experienced the same frustrating asshole-ish behavior from companies before.

warkdarrior · 2025-11-12T00:44:09 1762908249

They probably fixed in the internal version.