[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reporting 1.2K crashes

On Wed, Jun 26, 2013 at 5:37 AM, Alexandre Rebert
<alexandre.rebert@gmail.com> wrote:
> Hi,
>> I understand. But two weeks might be a bit too short for the majority
>> of those crashes. Many upstream authors don't get paid for working on
>> their software.
> I first want to clarify the purpose of the two-week delay to make sure
> we are on the same page.We do not expect upstream developers to fix
> the bugs in that time frame. The two-week delay allows developers to
> assess the bugs' seriousness. If the bug is security critical and two
> weeks is too short to patch it, they can contact us and we'll gladly
> delay the public disclosure further. If the bug is not security
> critical however, then I do not see any reason not to submit it on the
> BTS.
> If you believe that the delay is too short nonetheless, we can
> definitely extend it. What would be a reasonable of time for
> developers to review the bugs then?
> Thanks,
> The Mayhem Team
> Cylab, Carnegie Mellon Univeristy

I wonder whether you have checked where the crash is caused, you have
sent several mails to me for every binary in your test run, but in
dmesg.txt you provided all of them are from the very same library.
This will cause lots of duplicates, and it seems feasible for you to
merge them and make the report more accurate.

Aron Xu

Reply to: