Re: Reporting 1.2K crashes
On Tue, 25 Jun 2013 01:28:10 -0400, Alexandre Rebert
<alexandre.rebert@gmail.com> wrote:
>I am a security researcher at Carnegie Mellon University, and my team
>has found thousands of crashes in binaries downloaded from debian
>wheeze packages. After contacting owner@bugs.debian.org, Don Armstrong
>advised us to contact you before submitting ~1.2K bug reports to the
>Debian BTS using maintonly@bugs.debian.org (to avoid spamming
>debian-bugs-dist).
Will you also check Debian unstable? It is much easier to have a
package in unstable fixed, and I suspect that not every crash you find
will be a security relevant one.
Additionally, I guess that the vast majority of crahes you have found
will be upstream bugs which the Debian maintainer would have to
forward upstream. Will you take efforts to report these bugs to
upstream as well?
Will you check distributions other than Debian, and how will you make
sure that the upstreams are no swamped with identical bug reports from
each of their downstream distributions?
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Reply to: