[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

On Mon, 2008-08-25 at 10:09 +0200, Thijs Kinkhorst wrote:
> On Sunday 24 August 2008 22:00, Steve Langasek wrote:
> > Please take responsibility for providing the missing information to the
> > package maintainers, and for correcting the false positives that you've
> > filed.
> Yes, please. I think the only way the damage of this bad bug filing can be 
> mitigated is if you, Dmitry, review all bugs you filed and provide for each 
> bug the exact piece of code that you think has the problem and an assessment 
> of the exploitability in the context of the specific package.
> I expect you start working on this immediately?

One further suggestion - use usertags. You should make it easy for
others to check the overview of the mass bug filing by using usertags in
the BTS to create a single page that lists all the bugs and only the
bugs from the mass bug filing.


Neil Williams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: