[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1339559 - /subversion/site/publish/docs/release-notes/release-history.html

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Thu, 17 May 2012 18:51:33 +0100 (BST)

Philip Martin wrote:
> 1.7.5 includes r1298343 a server SEGV that can only be triggered by
> those with commit access.  We never bothered getting a CVE for
> that.  Does that mean we can't call it a security release?

What's the point in having two different definitions of the term "security"?  I don't know about our historical practice, but if we can decide from now on that a "security release" means a "security issue" was fixed, and a "security issue" means something that we decided was worth getting a CVE for, that would seem to be a recipe for less confusion.

- Julian

 
> Greg Stein <gstein_at_gmail.com> writes:
>
>> Should we the term "security" if a release does not have a CVE
> associated
>> with it?
>> On May 17, 2012 7:45 AM, <philip_at_apache.org> wrote:
>>
>>> Author: philip
>>> Date: Thu May 17 11:44:39 2012
>>> New Revision: 1339559
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1339559&view=rev
>>> Log:
>>> * publish/release-notes/release-history.html: Add recent releases.
>>>
>>> Modified:
>>>     subversion/site/publish/docs/release-notes/release-history.html
>>>
>>> Modified:
> subversion/site/publish/docs/release-notes/release-history.html
>>> URL:
>>>
> http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/release-history.html?rev=1339559&r1=1339558&r2=1339559&view=diff
>>>
>>>
> ==============================================================================
>>> --- subversion/site/publish/docs/release-notes/release-history.html
>>> (original)
>>> +++ subversion/site/publish/docs/release-notes/release-history.html Thu
>>> May 17 11:44:39 2012
>>> @@ -31,6 +31,27 @@ Subversion 2.0.</p>
>>>
>>>   <ul>
>>>   <li>
>>> +    <b>Subversion 1.7.5</b> (Thursday, 17 May 2012):
> Bugfix/security
>>> release.
>>> +  </li>
>>> +  <li>
>>> +    <b>Subversion 1.7.4</b> (Thursday, 8 March 2012):
> Bugfix/security
>>> release.
>>> +  </li>
>>> +  <li>
>>> +    <b>Subversion 1.7.3</b> (Monday, 13 February 2012):
> Bugfix/security
>>> release.
>>> +  </li>
>>> +  <li>
>>> +    <b>Subversion 1.7.2</b> (Monday, 5 December 2011):
> Bugfix/security
>>> release.
>>> +  </li>
>>> +  <li>
>>> +    <b>Subversion 1.7.1</b> (Sunday, 23 October 2011):
> Bugfix/security
>>> release.
>>> +  </li>
>>> +  <li>
>>> +    <b>Subversion 1.7.0</b> (Tuesday, 11 October 2011):
> Feature and
>>> bugfix release, see the <a
> href="/docs/release-notes/1.7.html">release
>>> notes</a>.
>>> +  </li>
>>> +  <li>
>>> +    <b>Subversion 1.6.18</b> (Thursday, 12 April 2012):
> Bugfix/security
>>> release.
>>> +  </li>
>>> +  <li>
>>>     <b>Subversion 1.6.17</b> (Wednesday, 1 June 2011):
> Bugfix/security
>>> release.
>>>   </li>
>>>   <li>
>>>
>>>
>>>
>
> --
> uberSVN: Apache Subversion Made Easy
> http://www.uberSVN.com
>
Received on 2012-05-17 19:52:08 CEST

This is an archived mail posted to the Subversion Dev mailing list.