incubator-ooo-dev mailing list archives

From Michael Meeks <>
Subject Re: Proposal: ooo-announce list
Date Tue, 13 Dec 2011 10:44:51 GMT

On Mon, 2011-12-12 at 16:14 +0100, Andrea Pescetti wrote:
> On 11/12/2011 Rob Weir wrote:
> > The practice is to check in such fixes without making it evident to
> > the observer that it is security-related.

	This would be our normal practice too; though we can't edit git history
but we could presumably add a note later to tag a commit.

> Like this?
> I know the example is from LibreOffice (even though the bug might be 
> shared with or Apache OpenOffice) but I just happened to 
> spot it and it doesn't seem particularly hidden...

	Sure - that is because this CVE is already public, presumably because
the bug it is related to is also public cf. and associated links.
Thus there is no particular benefit in hiding the fact; anyone skilled
in the art can grok our included projects and correlate them with an
existing list of CVEs.



--  <><, Pseudo Engineer, itinerant idiot
