Date: Mon, 17 Jun 2013 06:58:04 +0800 From: Martin Wilke <miwi@bsdhash.org> To: Eitan Adler <eadler@FreeBSD.ORG> Cc: bf1783@gmail.com, svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r321045 - head/security/tor-devel Message-ID: <E35BA0BD-766D-4E50-BFBF-A2DB089D8435@bsdhash.org> In-Reply-To: <CAF6rxgk1CF9SySZkdKykVvd9M8VfHm2oHvCFKX=zhZ=UznO8hw@mail.gmail.com> References: <201306161247.r5GCloLW020616@svn.freebsd.org> <CAF6rxgm3x4VgGCnWBJC5SanViZuj1ZNQ-qfsZFgwiSmpBkvXuQ@mail.gmail.com> <CAGFTUwPZM4u6LYvx_rsF4My7tHPZKS3V_N2YO7ur29HQyesOsQ@mail.gmail.com> <CAF6rxgnC8hDDwTW9NxqCDs8YEYyFRLzzDm=g=94A5Fn6GdXveA@mail.gmail.com> <CAGFTUwP-_xJUTdj=hr7wM_BV-=Bo%2BktE1ud6s3n1eBizjUH=fQ@mail.gmail.com> <CAF6rxgk1CF9SySZkdKykVvd9M8VfHm2oHvCFKX=zhZ=UznO8hw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 17, 2013, at 2:50 AM, Eitan Adler <eadler@FreeBSD.ORG> wrote:
> On Sun, Jun 16, 2013 at 8:17 PM, b.f. <bf1783@googlemail.com> wrote:
>> On 6/16/13, Eitan Adler <eadler@freebsd.org> wrote:
>>> On Sun, Jun 16, 2013 at 4:06 PM, b.f. <bf1783@googlemail.com> wrote:
>>>> In this case no CVEs were issued
>>>=20
>>> This is odd.
>>=20
>> Not very, when you consider that this is development code, and not a
>> stable release. It would be absurd to think that every developer =
goes
>> running to a CNA every time they find any problem in their =
repository.
>=20
> CVEs are given for beta releases (see CVE mailing lists for details).
> I don't think debating this point is very important.
>=20
>=20
>> Not
>> every bug is found, fewer still are disclosed, and even fewer are
>> reported to a CNA and given a CVE-ID.
>=20
> Agreed
>=20
>> The Tor developers are very conscientious when it comes to reporting
>> bugs, even ones that are unlikely to be exploited. They often fix and
>> report problems that would go undetected or undisclosed in other
>> projects. But only some of the most serious bugs are reported by the
>> project or by others to a CNA.
>=20
> Understood.
>=20
> Back to the point at hand, I do think this should be documented in =
VuXML.
I don't think so. You are really getting annoying with telling people =
what there have to do..
We never documented -devel and it should be never documented as brandan =
already pointed out its development code.
- Martin
>=20
>=20
> --=20
> Eitan Adler
> Source, Ports, Doc committer
> Bugmeister, Ports Security teams
>=20
+-----------------oOO--(_)--OOo-------------------------+
With best Regards,
Martin Wilke (miwi_(at)_FreeBSD.org)
Mess with the Best, Die like the Rest
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E35BA0BD-766D-4E50-BFBF-A2DB089D8435>