+1

In some cases, reconsidering whether a used option is really needed
and disabling it may close a vulnerability; the admin only
needs to know that there is danger.

On 10.01.2014 15:24, Jim Jagielski wrote:
> +1
> On Jan 10, 2014, at 8:44 AM, Jeff Trawick <traw...@gmail.com> wrote:
> 
>> [X] It is mandatory to provide best available description and any available 
>> tracking information when committing fixes for vulnerabilities to any 
>> branch, delaying committing of the fix if the information shouldn't be 
>> provided yet.
>>
>> --/--
>>
>> IMO it is not appropriate to let skilled attackers see a code change (which 
>> they can analyze to determine if there is an impact that they can exploit) 
>> if you are not going to make it possible for the general user community 
>> looking at the same commit activity to decide if they need to take an action.

