Background
The Sovereign Tech Fund sponsors work on open digital base technologies that are vital to the development of other software or enable digital networking.
We secured funding for FFmpeg activities in 2024.
We plan on doing so again. If you are interested in being included in the application, please email the information specified in the template below to:
- Michael Niedermayer (michael@niedermayer.cc)
- Thilo Borgmann (thilo.borgmann@mail.de)
- Pierre-Anthony Lemieux (pal@sandflow.com)
Template
One line summary of the proposed work
Example: Classify and fix outstanding issues identified by Coverity
Description of the work
Example: Coverity is a static code analysis system that is used to analyze FFmpeg code to find bugs with an emphasis on quality and security issues. There are currently 677 outstanding issues identified by Coverity (https://scan.coverity.com/projects/ffmpeg?tab=overview). Some of these issues are false positives while others could open the door to security vulnerabilities. The objective of this work is to identify the Coverity issues that are not false positives, and fix as many as possible.
Milestones
Milestone 1
Description
Example: Review all outstanding Coverity issues and, for each one, determine whether it is a false positive.
Deliverables
Example: List of both false positive and real issues posted to the FFmpeg dev mailing list.
Requested compensation (in USD or Euros)
Milestone 2
Etc.
Developer background and contact information
Example: Michael Niedermayer <michael-ffwork@niedermayer.cc>. I work in Austria, and have been an active contributor to FFmpeg since 2001 – 22308 commits so far. My work on FFmpeg is regularly supported by third parties and I am one of the founders of https://fflabs.eu. I am also extremely familiar with Coverity: I have fixed 690 issues out of 847 Coverity issues fixed in the past. I fixed over 2000 issues found by ossfuzz.
Application
Describe the technology this effort will support.
The proposed effort aims to support FFmpeg, a leading multimedia framework recognized for its versatile capabilities.
FFmpeg serves as a comprehensive solution for decoding, encoding, transcoding, multiplexing, demultiplexing, streaming, filtering, and playback of a wide array of multimedia formats. It stands out by seamlessly handling formats from ancient, obscure standards to cutting-edge ones, making it a cornerstone in the multimedia processing landscape.
Where is this technology being used? Why is it relevant and critical? How does this technology serve the public interest?
FFmpeg is a ubiquitous technology, deeply embedded in the fabric of modern multimedia processing and touching the lives of millions every day. FFmpeg is an integral component in a vast array of end-user devices, including desktops, laptops, mobile phones, smartwatches, and smart TVs. FFmpeg also powers major video distribution and streaming platforms like YouTube, Vimeo, AWS, and Microsoft Azure, shaping the landscape of online content consumption.
The technology extends its influence to TV broadcasts over IP, enabling seamless delivery of multimedia content to a global audience. Beyond mainstream applications, FFmpeg is employed in diverse sectors, from archival projects to the Mars Perseverance Rover, showcasing its adaptability and reliability.
The relevance and criticality of FFmpeg lie in its role as the backbone of multimedia processing. It serves the public interest by facilitating the seamless functioning of everyday technologies, from video playback in web browsers like Firefox and Chromium, to applications like Kodi, MPlayer, and OBS Studio. Furthermore, FFmpeg plays a crucial role in public sector use cases, website interactions, and even in the transmission of multimedia content within emails. In essence, FFmpeg's impact is far-reaching, touching both the private and public spheres. FFmpeg's reliability is paramount for the secure and efficient functioning of digital multimedia.
What are the problems the proposed work is trying to address? What activities do you propose and how do they address the problems described? How do those activities fit into [STF’s mission](https://www.sovereigntechfund.de/mission)?
The proposed work addresses critical challenges in maintaining FFmpeg's sustainability, security, and innovation. Activities include:
- Security Fixes and Hardening: Addressing bugs and enhancing security through improvements of the fuzzing system.
- Administration of FFmpeg Infrastructure: Ensuring robust infrastructure management for reliability and performance.
- Improvements in Codecs, Formats, and Filters: Enhancing existing implementations.
These activities align with STF’s mission by supporting the maintenance and security of open source components and the strengthening of the Open Source ecosystem.
Who is going to be performing the work and how are they qualified to do so?
The work will be performed by key FFmpeg project contributors and other experienced developers. Their qualifications have been demonstrated through years of active involvement in FFmpeg development, participating in diverse tasks including code contributions, code review, user support, and administration.
How is the technology maintained or governed? Is there a community behind the technology, and do they approve of the work?
FFmpeg's maintenance and governance are based on a flat hierarchy, with decisions being made transparently through written communications in mailing lists. The FFmpeg project boasts a robust community of administrators, maintainers, and contributors who actively engage in the decision-making processes through consensus-driven discussions. The proposed work aligns with the community's focus on quality, security, and openness and will/has been approved following the community's operating governance processes. (Note that new tasks were added to the wiki 1 hour before submission).
Describe the projects
Template Project Proposal
One line summary of the proposed work
Example: Classify and fix outstanding issues identified by Coverity
Description of the work
Example: Coverity is a static code analysis system that is used to analyze FFmpeg code to find bugs with an emphasis on quality and security issues. There are currently 677 outstanding issues identified by Coverity (https://scan.coverity.com/projects/ffmpeg?tab=overview). Some of these issues are false positives while others could open the door to security vulnerabilities. The objective of this work is to identify the Coverity issues that are not false positives, and fix as many as possible.
Milestones
Milestone 1
Description
Example: Review all outstanding Coverity issues and, for each one, determine whether it is a false positive.
Deliverables
Example: List of both false positive and real issues posted to the FFmpeg dev mailing list.