Re: Getting started

To: Johnathan Ritzi <jrdioko@gmail.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Getting started
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 27 Jul 2011 00:05:10 +0200
Message-id: <[🔎] 20110726220510.GA19347@pisco.westfalen.local>
In-reply-to: <[🔎] CAKHynEdr9B0XEZmRQB6pDcH4gL6+MFqD2tRo75eFRtfb1+f7+g@mail.gmail.com>
References: <[🔎] CAKHynEf+t1shvgoaZQ2SoDgzANcM1e9w5HPvJHOFWknA-trobw@mail.gmail.com> <[🔎] 20110723145515.GA8979@inutil.org> <[🔎] CAKHynEdr9B0XEZmRQB6pDcH4gL6+MFqD2tRo75eFRtfb1+f7+g@mail.gmail.com>

On Tue, Jul 26, 2011 at 02:57:37PM -0700, Johnathan Ritzi wrote:
> As a followup: what amount of "checking" should be done before marking an
> issue as fixed? Is a changelog entry by the maintainer saying that CVE/bug
> has been fixed enough? Or do people on this list research the vulnerability
> itself, check the code, and confirm that the patch actually fixes the issue
> (regardless of claims by the maintainer)?

Everyone is encouraged to double-check the patches, which have been applied,
but in general a changelog entry from the maintainer is sufficient.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Getting started
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

References:
- Getting started
  - From: Johnathan Ritzi <jrdioko@gmail.com>
- Re: Getting started
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Getting started
  - From: Johnathan Ritzi <jrdioko@gmail.com>

Prev by Date: Re: Getting started
Next by Date: Re: Getting started
Previous by thread: Re: Getting started
Next by thread: Re: Getting started
Index(es):
- Date
- Thread