On Mon, 2008-08-25 at 10:09 +0200, Thijs Kinkhorst wrote:
> On Sunday 24 August 2008 22:00, Steve Langasek wrote:
> > Please take responsibility for providing the missing information to the
> > package maintainers, and for correcting the false positives that you've
> > filed.
>
> Yes, please. I think the only way the damage of this bad bug filing can be
> mitigated is if you, Dmitry, review all bugs you filed and provide for each
> bug the exact piece of code that you think has the problem and an assessment
> of the exploitability in the context of the specific package.
>
> I expect you start working on this immediately?

It might be best to first downgrade (if not close) all bugs filed under the first attempt so that packages are not removed from testing in the time it will take to reassess the actual risk from the pattern matches. Once you have added to the bug report specific information on the precise piece of code that can be shown to be used in the normal use of the program and in such a way as to be available, by default, on a multi-user system, then you can think about raising the severity again.

-- 
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/