svn commit: r321045 - head/security/tor-devel
Martin Wilke
miwi at bsdhash.org
Sun Jun 16 22:58:18 UTC 2013
On Jun 17, 2013, at 2:50 AM, Eitan Adler <eadler at FreeBSD.ORG> wrote:
> On Sun, Jun 16, 2013 at 8:17 PM, b.f. <bf1783 at googlemail.com> wrote:
>> On 6/16/13, Eitan Adler <eadler at freebsd.org> wrote:
>>> On Sun, Jun 16, 2013 at 4:06 PM, b.f. <bf1783 at googlemail.com> wrote:
>>>> In this case no CVEs were issued
>>>
>>> This is odd.
>>
>> Not very, when you consider that this is development code, and not a
>> stable release. It would be absurd to think that every developer goes
>> running to a CNA every time they find any problem in their repository.
>
> CVEs are given for beta releases (see CVE mailing lists for details).
> I don't think debating this point is very important.
>
>
>> Not
>> every bug is found, fewer still are disclosed, and even fewer are
>> reported to a CNA and given a CVE-ID.
>
> Agreed
>
>> The Tor developers are very conscientious when it comes to reporting
>> bugs, even ones that are unlikely to be exploited. They often fix and
>> report problems that would go undetected or undisclosed in other
>> projects. But only some of the most serious bugs are reported by the
>> project or by others to a CNA.
>
> Understood.
>
> Back to the point at hand, I do think this should be documented in VuXML.
I don't think so. You are really getting annoying with telling people what there have to do..
We never documented -devel and it should be never documented as brandan already pointed out its development code.
- Martin
>
>
> --
> Eitan Adler
> Source, Ports, Doc committer
> Bugmeister, Ports Security teams
>
+-----------------oOO--(_)--OOo-------------------------+
With best Regards,
Martin Wilke (miwi_(at)_FreeBSD.org)
Mess with the Best, Die like the Rest
More information about the svn-ports-all
mailing list