Greg Hudson <ghudson@MIT.EDU> writes:
> On Tue, 2004-01-27 at 11:14, kfogel@collab.net wrote:
> > I think we should worry more about the real consequences of the bug,
> > and trust BugTraq's readership to do the same. [Also, we should mail
> > BugTraq ourselves with a description, and a prediction of a fix in
> > 1.0.1 or whenever we schedule it for. Better to be in control of your
> > own bad news than let someone drive it :-) ]
>
> I don't really agree; just because someone on bugtraq thinks a path leak
> is a real security hole doesn't make it true. (Not saying we shouldn't
> fix it, just that we shouldn't pollute bugtraq with unimportant
> revelations.)
If someone else does post this to BugTraq, is there a mechanism by
which we can follow up with an addendum?
What I want to avoid is someone making the bug sound more serious than
it is. As long as there's a way for us to correct any misimpressions,
then I'm happy with doing nothing until if/when we see a first post.
(Of course, agree we should fix it in trunk and 1.0.1.)
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 29 19:15:28 2004