httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Fwd: cvs commit: httpd-test/perl-framework/t/htdocs/security CAN-2004-0958.php
Date Tue, 23 Nov 2004 21:55:33 GMT
At 03:27 PM 11/23/2004, Joe Orton wrote:

>> Second, whenever we fail any CAN-2004-xxxx.t we must direct the
>> user to some patch where they can remedy the situation.  I'm sort
>> of laughing that I spent 4 hours yesterday researching two vulns
>> that many other engineers had spent 4 hours researching.  The
>> laughable thing - show me on www.php.net where they call out any
>> patches for 4.3.x to these two incidents?
>
>They don't, it was fixed silently, I mailed them about that but they
>didn't seem inclined to do anything about it.  If you want to follow up
>on that some more, great, but ranting about it here won't make much 
>difference.

Sure it will.  *We* simply put in a policy of not testing 
for garbage, with no solution, that is not our own doing 
or all together tangential to our projects.

I'll contemplate how to inject useful references in the
test results summary.

The rest was a rant which I don't expect us to do anything about :)

Bill


Mime
View raw message