| 1 |
Hi, |
| 2 |
|
| 3 |
Ciaran McCreesh <ciaran.mccreesh@×××××××××××××.uk>: |
| 4 |
|
| 5 |
> On Mon, 7 Jan 2008 00:35:41 +0100 |
| 6 |
> Christian Faulhammer <opfer@g.o> wrote: |
| 7 |
> > <URL:http://tinyurl.com/ypoxyg> is a list of closed security bugs |
| 8 |
> > where mips is still cced. 163 is the total number, where surely |
| 9 |
> > some duplicates can be found (PHP, Mozilla products), but we can |
| 10 |
> > assume that quite an extensive number of packages which are |
| 11 |
> > vulnerable stay still in the tree. |
| 12 |
> And how many of those have been fixed on mips without the Cc: being |
| 13 |
> removed? How many more of those would have been fixed had the bug not |
| 14 |
> been closed off? |
| 15 |
|
| 16 |
As you are so interested in those numbers, I humbly leave it to you |
| 17 |
to investigate in depth because I have to run a business. |
| 18 |
A quick check on the 15 newest bugs showed exactly 1 package where |
| 19 |
mips was not lagging behind, where out of these only 2 are X |
| 20 |
applications. The bugs reach back until mid-November 2007 (CC date for |
| 21 |
arches). |
| 22 |
For the sake of fairness I took 15 bugs in a row from 170000 and |
| 23 |
greater. Where mips lagging behind in 4 packages (from April 2007, |
| 24 |
1 X application), 2 packages where mips has been dropped completely |
| 25 |
(MySQL 5 e.g.). |
| 26 |
|
| 27 |
V-Li |
| 28 |
|
| 29 |
-- |
| 30 |
Christian Faulhammer, Gentoo Lisp project |
| 31 |
<URL:http://www.gentoo.org/proj/en/lisp/>, #gentoo-lisp on FreeNode |
| 32 |
|
| 33 |
<URL:http://www.faulhammer.org/> |
Archives