On Mon, 27 Apr 2020 09:46:25 +0200 Johannes Segitz <[email protected]> said:
> On Fri, Apr 24, 2020 at 02:52:04PM +0100, Carsten Haitzler wrote:
> > that means you should do a security audit for every commit
>
> Everything that is published should be reviewed for security issues. I
> know that it is not, but that doesn't change the fact that if you publish
> code that has security issues they should be tracked via a CVE to notify
> downstream users of the problem (if Matthias had reviewed this a few months
> later then this would be definitely necessary). In this case we will not
> push for this, but according to the CVE rules this is pretty clear.

then kiss goodbye to open source and open development. will just move all dev behind a closed door so the public never sees it because someone wants a CVE for every commit that may have an issue. :) you need to be realistic. it's not happening. if you're using git - keep up. you shouldn't need CVEs to tell you to update or pay attention to the logs if you're following. :)

> Johannes
> --
> GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0
> Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg
> Geschäftsführer: Felix Imendörffer (HRB 36809, AG Nürnberg)

--
------------- Codito, ergo sum - "I code, therefore I am" --------------
Carsten Haitzler - [email protected]
