[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion security needs to improve.

From: Florian Weimer <fw_at_deneb.enyo.de>
Date: 2004-10-21 00:33:41 CEST

> What *specifically* is the team doing wrong now, or failing to do
> right?

From a security handling perspective, you are doing quite fine, I
think. At least for the first security issue, you offered a minimal
patch (I didn't look at the recent, though). You publish new
revisions to fix security bugs (instead of just fixing them in the
repository). You write your own security advisories which contain
enough information to carry out an independent threat assessment.

You don't hide things under the carpet for an extended period of time,
as it is expect from open source software projects nowadays. However,
that's actually rather refreshing. 8-)

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 21 00:34:12 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.