You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
noScribe comes with 3 bundled ffmpeg binaries, to my understanding this is for the sake of not having any outside dependencies from the actual app bundle itself. However it seems the bundled ffmpeg binaries are not updated regularly and are currently on version 6.0. There have been multiple security vulnerabilities since this release. In my opinion the ffmpeg should be provided by the system and not bundled with the app. Since every time ffmpeg gets an update, you would need to repackage the app and update it for all users. ffmpeg is very popular and gets updated automatically on linux and macos (apt and brew). At the very least I'd encourage downloading the newest ffmpeg binaries and updating the app bundle.
Bundled ffmpeg
No external dependency
240mb larger repository size
Need to rebuild and distribute update every time ffmpeg updates
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
noScribe comes with 3 bundled ffmpeg binaries, to my understanding this is for the sake of not having any outside dependencies from the actual app bundle itself. However it seems the bundled ffmpeg binaries are not updated regularly and are currently on version 6.0. There have been multiple security vulnerabilities since this release. In my opinion the ffmpeg should be provided by the system and not bundled with the app. Since every time ffmpeg gets an update, you would need to repackage the app and update it for all users. ffmpeg is very popular and gets updated automatically on linux and macos (apt and brew). At the very least I'd encourage downloading the newest ffmpeg binaries and updating the app bundle.
Bundled ffmpeg
System ffmpeg
TLDR: currently used old ffmpeg has security vulnerabilities
Beta Was this translation helpful? Give feedback.
All reactions