On 05/23/2017 12:26 PM, Rainer Jung wrote:
> Am 22.05.2017 um 22:38 schrieb Yann Ylavic:
>> On Sun, May 7, 2017 at 3:17 AM, William A Rowe Jr
>> wrote:
>>> On May 5, 2017 13:32, "Jim Jagielski" wrote:
>>>
>>> +1... Lets do it.
>>>
>>> BTW, I would adjust
Am 22.05.2017 um 22:38 schrieb Yann Ylavic:
On Sun, May 7, 2017 at 3:17 AM, William A Rowe Jr wrote:
On May 5, 2017 13:32, "Jim Jagielski" wrote:
+1... Lets do it.
BTW, I would adjust #16 to include:
Add the CVE to the CHANGES file.
That way, it's
On Sun, May 7, 2017 at 3:17 AM, William A Rowe Jr wrote:
> On May 5, 2017 13:32, "Jim Jagielski" wrote:
>
> +1... Lets do it.
>
> BTW, I would adjust #16 to include:
>
>Add the CVE to the CHANGES file.
>
> That way, it's still documented in CHANGES,
On Mon, May 22, 2017 at 10:58 AM, Eric Covener wrote:
> Last chance for anyone else to speak up.
Not really "last", but before this thread is lost forever to everyones
mail archives.
--
Eric Covener
cove...@gmail.com
On Sat, May 6, 2017 at 9:17 PM, William A Rowe Jr wrote:
> On May 5, 2017 13:32, "Jim Jagielski" wrote:
>
> +1... Lets do it.
>
> BTW, I would adjust #16 to include:
>
>Add the CVE to the CHANGES file.
>
> That way, it's still documented in CHANGES,
On May 5, 2017 13:32, "Jim Jagielski" wrote:
+1... Lets do it.
BTW, I would adjust #16 to include:
Add the CVE to the CHANGES file.
That way, it's still documented in CHANGES, just after the release
is spun out, show it shows up in the next release's CHANGES.
... And if
On 05/05/2017 01:32 PM, Jim Jagielski wrote:
+1... Lets do it.
BTW, I would adjust #16 to include:
Add the CVE to the CHANGES file.
That way, it's still documented in CHANGES, just after the release
is spun out, show it shows up in the next release's CHANGES.
Sounds good to me.
--Jacob
+1... Lets do it.
BTW, I would adjust #16 to include:
Add the CVE to the CHANGES file.
That way, it's still documented in CHANGES, just after the release
is spun out, show it shows up in the next release's CHANGES.
> On May 5, 2017, at 8:39 AM, Eric Covener wrote:
>
>
On 05/05/2017 05:39 AM, Eric Covener wrote:
Here is the change that probably has the biggest impact to the community:
"""
...
The project team commits the fix. No reference should be made to the
commit being related to a security vulnerability.
This is the only part that makes me nervous,
(note to security@ folks -- this is a public dev@ thread!)
Hi All. Over the years we have tried different approaches to handling
CVEs, varying based on who did the work, their understanding of the
unwritten procedures, and the severity of the bug. We haven't ever
come to a solid consensus on
10 matches
Mail list logo