[Advisories] Libpurple security vulnerability CORE-2009-0727
Stu Tomlinson
stu at nosnilmot.com
Thu Jul 30 22:37:57 EDT 2009
On Fri, Jul 31, 2009 at 03:33, Luke Schierer<lschiere at pidgin.im> wrote:
> To me the biggest question is can we *correctly* fix this issue this time
> around, since, if I read this report correctly, they are informing us that
> our previous fix didn't actually fix.
Irrespective of whether we can fix it in time or not, I suggest
delaying any further releases until we think we can fix it.
> Given that we can, yes, I'd like to see the fixes come out in about the same
> timeframe as news of the vulnerability. but I recognize that we have
> historically been really really bad about waiting for a truly co-ordinated
> release.
And if we can't/don't have a fix yet/whatever you think we should
press ahead and release unfixed shiny new features anyway?
Regards,
Stu.
More information about the Packagers
mailing list