On Thu, Aug 25, 2005 at 02:53:41AM -0500, Branden Robinson wrote: >Package: cvs >Version: 1:1.12.9-14 >Severity: minor > >I note that Fedora Core recently did an advisory against CVS regarding >the cvsbug program. > >We don't ship the cvsbug program in our cvs package, so we're immune, but >we do ship the manpage, which in my haste I nearly mistook for the command, >causing me to almost file a spurious security bug. :) > >IMO, it's pointless to ship the manpage when the thing it documents is not >present.
True, yes... :-) I removed the cvsbug program a while ago, as it seems to be _designed_ for insecurity. Looks like I just missed the man page... -- Steve McIntyre, Cambridge, UK. [EMAIL PROTECTED] Getting a SCSI chain working is perfectly simple if you remember that there must be exactly three terminations: one on one end of the cable, one on the far end, and the goat, terminated over the SCSI chain with a silver-handled knife whilst burning *black* candles. --- Anthony DeBoer
signature.asc
Description: Digital signature
