Re: Subversion security needs to improve.

From: Florian Weimer <fw_at_deneb.enyo.de>
Date: 2004-10-21 00:33:41 CEST

> What *specifically* is the team doing wrong now, or failing to do
> right?

From a security handling perspective, you are doing quite fine, I
think. At least for the first security issue, you offered a minimal
patch (I didn't look at the recent, though). You publish new
revisions to fix security bugs (instead of just fixing them in the
repository). You write your own security advisories which contain
enough information to carry out an independent threat assessment.

You don't hide things under the carpet for an extended period of time,
as it is expect from open source software projects nowadays. However,
that's actually rather refreshing. 8-)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 21 00:34:12 2004

This message: [ Message body ]
Next message: Mark Benedetto King: "Re: Subversion security needs to improve."
Previous message: Mark Benedetto King: "Re: another idea for directory locking."
In reply to: kfogel_at_collab.net: "Re: Subversion security needs to improve."
Next in thread: Alex Holst: "Re: Subversion security needs to improve."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]