RE: Security reports in bugzilla?
- From: Franck Martin <franck sopac org>
- To: Sander Vesik <Sander Vesik Sun COM>
- Cc: 'Elliot Lee' <sopwith redhat com>, gnome-2-0-list gnome org, gnome-devel-list gnome org, gnome-bugsquad gnome org
- Subject: RE: Security reports in bugzilla?
- Date: 19 Dec 2001 10:23:04 +0000
Sander,
May I make an analogy:
It is not because a country doesn't know how to deal with AIDS that the country does not make a census to know how many cases there are.
The first step to tackle AIDS in many developing countries is to know the extend of the problem.
I think getting statistics on the number of security issues present in Gnome over time will help... Usually security bugs in common libraries are quickly patched by security experts, if you can provide an interface via bugzilla to record the security problem and the fix, then you will attract these security experts to Gnome.
Cf last announcement of the GLIBC buffer overflow.
Eliot, you do a great Job with your bug nag, at least you show the extend of the problem. If you want to nag more you can do the following presentation:
application | number of bugs open | oldest bug in bugzilla | number of security bugs open
Cheers.
franck sopac org
On Tue, 2001-12-18 at 14:19, Sander Vesik wrote:
On Tue, 18 Dec 2001, Franck Martin wrote:
>
> I know the bugsquad team is overloaded, and there are many bug out there,
> BUT you shouldn't ignore the problem. Let's flag it and see what we can do
> later.
>
This sounds presently as running an advertisement 'will drag in all wooden
horses and not inspect the contents' on our city gates...
> It is importnat for gnome to be a security concious development platform.
>
Yes, but it presently isn't, as evidenced by not having any formal way of
dealing with security problem a and not even having a designated
contact...
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
