List Archive: gentoo-project
Arturo Garcia wrote:
>> This is now all transparent public knowledge. As such no security team
>> worth their salt are going to leave these holes open. Remember that all
>> the code mentioned above has been freely available for several years.
> This is ridiculous. We are trying to bring up a service that was brought
> down because of a command-injection vulnerability, and that is the bug we are
> trying to close. The solution to this problem is what has been required to be
> tested. Please don't deviate with arguments work that has to be done.
>
No, the point, as I see it, is that a security _audit_ of the code is now
being carried out. Not a fix to one bug. That's why it would be great if
the report were submitted. Or do you think it wise to bring the service
back up with known flaws?
I didn't write the lines about the whole service needing reworking either.
I'm just trying to explain why I think the process is being carried out
properly.
--
gentoo-project@g.o mailing list