httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities
Date Fri, 10 Jan 2014 14:24:46 GMT
On Jan 10, 2014, at 8:44 AM, Jeff Trawick <> wrote:

> [X] It is mandatory to provide best available description and any available tracking
information when committing fixes for vulnerabilities to any branch, delaying committing of
the fix if the information shouldn't be provided yet.
> --/--
> IMO it is not appropriate to let skilled attackers see a code change (which they can
analyze to determine if there is an impact that they can exploit) if you are not going to
make it possible for the general user community looking at the same commit activity to decide
if they need to take an action.
> -- 
> Born in Roswell... married an alien...

View raw message