Re: Snort: Mass Bug Closing
On Sun, Aug 24, 2003 at 03:57:45PM +0200, Sander Smeenk wrote:
> I'm about to close 95153, 133049, 158040, 165555, 170580, 173331, 176223,
> 135603, 161659, 165107, 165135, 165351, 171190, 172529, 173663, 174506,
> 174508, 174509, 192401, 193544, 101725, 122689, 159575, 165126, 182280,
> and 189780 with a nice message telling that the bug was reported on a
> really old package-version and the bug is really old too, including a
> URL to an up to date version of the package, where most probably all
> these bugs are fixed.
Did you check whether any of these bugs are fixed? I reported at least one
of them, and it is definitely not fixed. You should not close bugs simply
because they are old.
> Before you object to this rather 'rude' bughandling, please keep in mind
> that version 1.8.4 of snort, which is in stable, has 3 severe security
> exploits, and is completely outdated in catching crooks (rulefiles) and
> detection mechanisms. Not to speak of package stability ;)
I think it is quite "rude" to knowingly distribute a package with severe
security problems without fixing the bugs or even informing other
developers. What are these bugs exactly? How long have you been aware of
them?
Or are you perhaps not aware of DSA-297?
--
- mdz
Reply to: