Remote crashes being fixed in 2.6.2

Josh Bressers bressers at redhat.com
Wed Sep 9 19:49:05 EDT 2009


----- "Mark Doliner" <mark at kingant.net> wrote:
> 
> Are there specific things you think we need to improve?
> 
> Things we try to do now:
> * If someone reports a problem to us privately, keep the problem
> confidential until an agreed upon embargo date
> * Notify the packages list about the problem, what versions it
> affects, what the solution is, whether it's public, the disclosure
> date, and provide a patch if possible
> * On the agreed upon day, check in the fix, add it to our security
> page, build updated packages
> 

I think using 2.6.2 as an example works in this instance. The update came out
before the packages list knew, and none of them had CVE ids.

One could even use 2.6.0 as an example. There wasn't near the collaboration on
the patch as there could have been. I was unfortunately away during that cycle,
but normally I would have been happy to help test/verify the fix is what was
needed.

In general, yes the right thing is done, and I'm quite happy with Pidgin
upstream. If you don't want my help, I'll head back into the shadows and only
jump out when needed :)

Thanks

-- 
    JB


