httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities
Date Sun, 12 Jan 2014 13:01:05 GMT
On 11.01.2014 14:02, Jeff Trawick wrote:
> On Sat, Jan 11, 2014 at 2:51 AM, Ben Reser <ben@reser.org
> <mailto:ben@reser.org>> wrote:
> 
>     On 1/10/14, 5:38 AM, Jeff Trawick wrote:
>     > [ ] It is an accepted practice (but not required) to obscure or
>     omit the
>     > vulnerability impact in CHANGES or commit log information when
>     committing fixes
>     > for vulnerabilities to any branch.
>     >
>     > [X] It is mandatory to provide best available description and any
>     available
>     > tracking information when committing fixes for vulnerabilities to
>     any branch,
>     > delaying committing of the fix if the information shouldn't be
>     provided yet.
>     >
>     > [ ] _______________ (fill in the blank)

Rainer

Mime
View raw message