httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities
Date Fri, 10 Jan 2014 13:44:08 GMT
[X] It is mandatory to provide best available description and any available
tracking information when committing fixes for vulnerabilities to any
branch, delaying committing of the fix if the information shouldn't be
provided yet.

--/--

IMO it is not appropriate to let skilled attackers see a code change (which
they can analyze to determine if there is an impact that they can exploit)
if you are not going to make it possible for the general user community
looking at the same commit activity to decide if they need to take an
action.

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
