In a comment, Martin Lindhe drew my attention to a new effort in Wine called The Patch Watcher. It’s an idea that someone else had once proposed to me in relation to my other automated testing efforts. The conversation went something like this:
them: Maybe you should write a program that monitors ffmpeg-devel for patches and for each individual patch, detach it, apply it to current FFmpeg SVN, build the tree, and report the status back to the list.
me: That’s a great idea! I’ll write a program that actively seeks out arbitrary, possibly malicious code that anyone can post to a public mailing list and dutifully executes it on my own computers.
I bring this up because the people behind The Patch Watcher obviously had the same misgivings. But they thought that this idea was beneficial enough that they worked hard to solve the brazen security concern. The Patch Watcher code is open source. If anyone wants to try to apply it to FFmpeg, that would be heroic. I sort of have my plate full with making sure that existing, official FFmpeg code works.
Well, as the Wine guys point out, they use a chroot jail ;-)