Sorry for not answering promptly, I was occupied when you sent the message and then forgot about it.

On Thu, 16 Dec 2021 at 00:08, Pavel Lyalyakin <pavel.lyalya...@visualsvn.com> wrote:

> On Thu, Dec 16, 2021 at 1:33 AM Mark Phippard <markp...@gmail.com> wrote:
>
>> On Wed, Dec 15, 2021 at 4:59 PM Pavel Lyalyakin
>> <pavel.lyalya...@visualsvn.com> wrote:
>>>
>>> It seems that the list markup is wrong. There should be <ul> (unordered
>>> list) tag instead of <p> (paragraph).
>
> Thanks for taking care of this in r1896016.
>
>>> I also think that it makes sense to include links to the SVN Edge's
>>> page[1] and the announcement made by VisualSVN Team[2]. E.g., something
>>> like "some vendors have already announced that their distributions are not
>>> vulnerable to CVE-2021-44228".
>>>
>>> some vendors already announced that their distros are not vulnerable
>>>
>>> [1]: https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Log4Shell
>>> [2]: https://www.visualsvn.com/company/news/visualsvn-products-are-not-affected-by-CVE-2021-44228
>>
>> I am fine if we want to do this ... it was one of the reasons I added
>> the page. That said, I tend to think we should not take this on as it
>> creates a possible need for us to maintain this info and add to it
>> over time. I am not sure we should do this as I think we want the
>> vendors to own this responsibility.
>>
>> We should really be encouraging users to seek these answers from the
>> place they are obtaining their Subversion server.
>>
>> Mark
>
> We don't need to maintain this particular text after it gets fully
> reviewed and published. I assume that this is a news entry, not a wiki
> page. It has a fixed date and time of publication. In this case it should
> be absolutely fine to write, review and approve the text and never update
> it unless strictly necessary. I think that the following wording could be
> used:
> [[[
> Subversion contributors suggest verifying with your vendor if the
> distribution you use is vulnerable. At the time of writing, some vendors
> have already announced that their distributions are not vulnerable to
> CVE-2021-44228:
> <list-of-relevant-pages>
> ]]]
>
> At the same time, I think it is true that this text could live without any
> links.

I didn't want to take it on us to maintain a list.

> PS I also think it would be best to first use the staging part of the
> website to write the news entry. When done and reviewed, publish it to the
> production site.

Ok, point taken!

Kind regards,
Daniel