List Archive: gentoo-project
Arturo Garcia wrote:
>> This is now all transparent public knowledge. As such no security team
>> worth their salt are going to leave these holes open. Remember that all
>> the code mentioned above has been freely available for several years.
> This is ridiculous. We are trying to bring up a service that was brought
> down because of a command-injection vulnerability, and that is the bug we are
> to close. The solution to this problem is what has been required to be
> tested. Please don't deviate with arguments work that has to be done.
No, the point, as I see it, is that a security _audit_ of the code is now
being carried out. Not a fix to one bug. That's why it would be great if
the report were submitted. Or do you think it wise to bring the service
back up with known flaws?
I didn't write the lines about the whole service needing reworking either.
I'm just trying to explain why I think the process is being carried out