river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patricia Shanahan <p...@acm.org>
Subject [DISCUSS] [vote] should we fix security flaws?
Date Thu, 07 Apr 2016 20:34:23 GMT
I am not prepared to vote on this.

First of all, I would need, on a private list where we can go into 
details of security issues, to get a feeling for the seriousness of the 
flaws in question. A denial of service is, in many contexts, less 
serious than file corruption.

We may want to consider investigating the actual and proposed use-cases 
for River before deciding this.

Do you feel any of the security flaws in question are release-blockers 
for River 3.0? How long would fixing them first delay the release?

On 4/7/2016 12:36 PM, Peter wrote:
> How do people on this project feel about security flaws?
> Should we be fixing them?
> I can provide evidence of vulnerabilities, I'm not proposing my fixes be adopted.
> Vote:
>   +1 Yes we should aim to fix security flaws.
> 0 don't care.
> -1 No.
> Regards,
> Peter.
> Sent from my Samsung device.

View raw message