[Advisories] Libpurple security vulnerability CORE-2009-0727

Stu Tomlinson stu at nosnilmot.com
Thu Jul 30 22:37:57 EDT 2009


On Fri, Jul 31, 2009 at 03:33, Luke Schierer<lschiere at pidgin.im> wrote:
> To me the biggest question is can we *correctly* fix this issue this time
> around, since, if I read this report correctly, they are informing us that
> our previous fix didn't actually fix.

Irrespective of whether we can fix it in time or not, I suggest
delaying any further releases until we think we can fix it.

> Given that we can, yes, I'd like to see the fixes come out in about the same
> timeframe as news of the vulnerability.  but I recognize that we have
> historically been really really bad about waiting for a truly co-ordinated
> release.

And if we can't/don't have a fix yet/whatever you think we should
press ahead and release unfixed shiny new features anyway?

Regards,


Stu.



More information about the Packagers mailing list