This is the mail archive of the
mailing list for the glibc project.
Re: Requesting CVEs for glibc security issues
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>
- Cc: Will Newton <will dot newton at linaro dot org>, Jeff Law <law at redhat dot com>, OndÅej BÃlka <neleai at seznam dot cz>, Florian Weimer <fweimer at redhat dot com>, Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 26 May 2014 10:21:56 -0400
- Subject: Re: Requesting CVEs for glibc security issues
- Authentication-results: sourceware.org; auth=none
- References: <CANu=DmjYiCT8NRbtdrXXrJtK_-mGRmsN+KUV50oEzaGY7tqn0Q at mail dot gmail dot com> <20140519092001 dot GG13048 at spoyarek dot pnq dot redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1405191530530 dot 25418 at digraph dot polyomino dot org dot uk> <20140519161201 dot GM13048 at spoyarek dot pnq dot redhat dot com>
On 05/19/2014 12:12 PM, Siddhesh Poyarekar wrote:
> In other words, it is a neat sounding idea, but I don't see it being
> useful in practice unless distributions actually start using point
> releases actively.
Right, and that's they key part of the ecosystem puzzle. As glibc
developers we should be working towards adopting the point releases
actively and working on them.
I'd like to lead by example and have Fedora adopt the point release
and work to push all Fedora-local patches into point releases.
We aren't doing that yet because, well, because glibc has a huge
maintenance backlog. We have few resources and those resources
right now are fixing bugs on master.