Giovanni Tirloni wrote:
> I'm not sure how the process for reporting security bugs and getting them
> fixed works today for OpenSolaris. Can the community provide that service
> (/updates and /security repositories) or is the information behind closed
> doors that we wouldn't be able to do that even if we wanted ?
Once fixes are made, the source changes for those fixes are available in the
same way as any other code changes. The bug reports are kept behind closed
doors though - the Sun bug database is designed (from long before OpenSolaris
days) to never let any security bug information go outside Sun, and has no
concept of "This bug is now public".
Of course, for all the ones we're just passing through fixes from the community,
like Firefox or OpenSSL, our bug database information is usually not much more
than a pointer to the upstream bug report/advisory and information about where
we applied their fixes.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Platform Engineering: X Window System
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
