On Thursday 27 Sep 2007, Steve Long wrote:
> No the point, as I see it, is that a security _audit_ of the code is now
> being carried out. Not a fix to one bug.
As I said, fine with me, but *do* it and then close the bug. Open new ones,
assign them and link them to the original bug if you wish. We act on them
and we close them as well.
> That's why it would be great if the report were submitted. Or do you think
> it wise to bring the service back up with known flaws?
What report?!? Onkobu offered help in auditing any future patches if anybody
required so. Nothing more. Unfortunately, he got angry (no wonder) and pulled
out. Maybe he is now running another distro... I haven't been in touch with
Regarding the flaws, as I said, look at the code and find for yourself. As
far as I know, Tavis *has* reviewed the patch and the code. All what is
outstanding is for the site to be tested. If he opens new bugs, then we will
patch and close them.
> I didn't write the lines about the whole service needing reworking either.
> I'm just trying to explain why I think the process is being carried out
?_? again. I don't understand what are you trying to say?!? I don't see the
correlation between this and your (or my) first post. Sorry.
As a summary, the next step now is for firstname.lastname@example.org to their work (as
Infra has *repeatedly* said and requested). If someone can poke them to do
so please, it will be highly appreciated. If they audit, test, or jump on
one foot while holding raw eggs on their head I don't care. It's their job.
Bug please test and come back to us. Thanks.
email@example.com mailing list