Re: Getting started
On Tue, Jul 26, 2011 at 02:57:37PM -0700, Johnathan Ritzi wrote:
> As a followup: what amount of "checking" should be done before marking an
> issue as fixed? Is a changelog entry by the maintainer saying that CVE/bug
> has been fixed enough? Or do people on this list research the vulnerability
> itself, check the code, and confirm that the patch actually fixes the issue
> (regardless of claims by the maintainer)?
Everyone is encouraged to double-check the patches, which have been applied,
but in general a changelog entry from the maintainer is sufficient.
Cheers,
Moritz
Reply to: