On 03/18/2013 06:07 PM, Ben Reser wrote:
> I think we should produce advisories for all vulnerabilities in
> Subversion.
+1. (Which, in response to such a thorough email, feels about the same as
"me too!". But I really did read and comprehend your mail, I swear!)
--
C. Michael Pilato
CollabNe
It's been a relatively long standing policy of the project to not
generate security advisories for low risk denial of service attacks.
I've seen several rationales used over the time for these. Most
notably:
* You need commit access to the repository.
* There are easier ways to DoS
2 matches
Mail list logo
