This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Policy for posting security bug reports?

From: Mike Frysinger <vapier at gentoo dot org>
To: libc-alpha at sourceware dot org
Cc: Petr Baudis <pasky at ucw dot cz>,Rich Felker <dalias at aerifal dot cx>
Date: Sat, 23 Jun 2012 18:31:17 -0400
Subject: Re: Policy for posting security bug reports?
References: <20120623010836.GA2651@brightrain.aerifal.cx> <20120623135551.GF24309@machine.or.cz>

On Saturday 23 June 2012 09:55:51 Petr Baudis wrote:
> On Fri, Jun 22, 2012 at 09:08:36PM -0400, Rich Felker wrote:
> > I first asked Carlos about this off-list, and he suggested it should
> > be discussed on-list. What is the policy (or what should it be) for
> > posting security-related bugs to the bug tracker and/or list?
> 
>   I'd like to ask people familiar what other GNU projects, what is the
> policy there? E.g. for gcc, binutils (probably not too many security
> bugs in these two), coreutils, ...?

gcc & binutils pretty explicitly don't have security paths.  bugs are bugs to 
them.  probably because it's fairly easy to crash them, and they don't get run 
in the same situations as the C library.
-mike

Attachment: signature.asc
Description: This is a digitally signed message part.

Follow-Ups:
- Re: Policy for posting security bug reports?
  - From: Rich Felker
- Re: Policy for posting security bug reports?
  - From: Florian Weimer

References:
- Policy for posting security bug reports?
  - From: Rich Felker
- Re: Policy for posting security bug reports?
  - From: Petr Baudis

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]