[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#618026: ibid: Ibid 0.1.1 contains 3 security fixes

On Tue, 2011-09-20 at 12:33 +0200, Stefano Rivera wrote:
> Hi Adam (2011.09.17_18:09:13_+0200)
> > One quick question - doesn't this change:
> > 
> > +    - logfile-visibility-567576.patch: Channels must be explicitly configured
> > +      to have publicly readable logs. (LP: #567576)
> > 
> > have the potential to at least confuse users who are expecting the logs
> > to be created in a publicly readable manner?
> Yes. This was the simplest fix to the problem, and probably how things
> should have been from the start.
> I don't think there is a regression-free fix to the bug, as the bot
> cannot know whether it is speaking to a public channel or a private
> message, when it speaks first. (Even on IRC, not all channels are
> required to have names starting with #)

Yeah, I can see the problem.  I just wonder if there's some way we can
reduce the number of "why can't I see my logs any more" bugs as a result
(preferably to none).

We could mention it explicitly in the point release announcement mail,
but I'm not sure how many people actually read those.



Reply to: