svn commit: r321045 - head/security/tor-devel

Eitan Adler eadler at freebsd.org
Sun Jun 16 18:51:19 UTC 2013


On Sun, Jun 16, 2013 at 8:17 PM, b.f. <bf1783 at googlemail.com> wrote:
> On 6/16/13, Eitan Adler <eadler at freebsd.org> wrote:
>> On Sun, Jun 16, 2013 at 4:06 PM, b.f. <bf1783 at googlemail.com> wrote:
>>> In this case no CVEs were issued
>>
>> This is odd.
>
> Not very, when you consider that this is development code, and not a
> stable release.  It would be absurd to think that every developer goes
> running to a CNA every time they find any problem in their repository.

CVEs are given for beta releases (see CVE mailing lists for details).
I don't think debating this point is very important.


> Not every bug is found, fewer still are disclosed, and even fewer are
> reported to a CNA and given a CVE-ID.

Agreed

> The Tor developers are very conscientious when it comes to reporting
> bugs, even ones that are unlikely to be exploited. They often fix and
> report problems that would go undetected or undisclosed in other
> projects.  But only some of the most serious bugs are reported by the
> project or by others to a CNA.

Understood.

Back to the point at hand, I do think this should be documented in VuXML.


-- 
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams


More information about the svn-ports-all mailing list