On Thu, May 16, 2019 at 10:48 AM Dietrich, Christian <
[email protected]> wrote:

> Well, the security problem has been there for a long time, and this was brought up
> on orbit https://www.eclipse.org/lists/orbit-dev/msg05047.html in
> February and nothing happened. So I have doubts regarding urgency.
>

Just for the record, the Orbit project itself cannot do anything. It's up to
some project with an actual dependency on the given library to open a CQ for a newer
version and after that add it to Orbit. Once there is a fixed version in
Orbit, the logical step from the Orbit project's POV is to remove the version with
the CVE from its latest build. Thus contact should be made with the actual
projects contributing the offensive versions to the release train, or nothing
can happen, as most people probably don't read orbit-dev at all.
I know that most people know it but I felt the need to repeat it :)


> _______________________________________________
> cross-project-issues-dev mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev



-- 
Alexander Kurtakov
Red Hat Eclipse Team