incubator-ooo-dev mailing list archives

From Michael Meeks <michael.me...@suse.com>
Subject Re: Proposal: ooo-announce list
Date Tue, 13 Dec 2011 10:44:51 GMT

On Mon, 2011-12-12 at 16:14 +0100, Andrea Pescetti wrote:
> On 11/12/2011 Rob Weir wrote:
> > The practice is to check in such fixes without making it evident to
> > the observer that it is security-related.

	This would be our normal practice too; though we can't edit git history
but we could presumably add a note later to tag a commit.

> Like this?
> http://cgit.freedesktop.org/libreoffice/core/commit/?id=cf5d0e20f2ba5a71f9ca2ed78a1b24841c97bb06
> 
> I know the example is from LibreOffice (even though the bug might be 
> shared with OpenOffice.org or Apache OpenOffice) but I just happened to 
> spot it and it doesn't seem particularly hidden...

	Sure - that is because this CVE is already public, presumably because
the bug it is related to is also public cf.
https://bugzilla.redhat.com/show_bug.cgi?id=765812 and associated links.
Thus there is no particular benefit in hiding the fact; anyone skilled
in the art can grok our included projects and correlate them with an
existing list of CVEs.

	ATB,

		Michael.

-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot

