
Re: Procedure for handling actively exploited security bugs with patches?



On Saturday 09 February 2008 12:38:02 am Jason L Tibbitts III wrote:
> Make sure things get in bugzilla and are marked as security so the security
> team sees it, and if you have a patch and you have access then I can't see
> why you wouldn't at least commit it and do a scratch build.

In many cases, the suggested fix is a quick reaction that is incomplete or 
causes a subtle incompatibility. Security patches need careful but timely 
review. I recommend that the security team coordinate the repair and no one 
apply unreviewed patches just because you have access.

-Steve

