On 5/15/06, Eric Rostetter <rostetter@xxxxxxxxxxxxxxx> wrote:
Quoting Stephen John Smoogen <smooge@xxxxxxxxx>:
> Third, how expert are you (the patcher) on what the vulnerability is, > what the code is, and how you are 'stopping' the vulnerability from > being there. I'm not sure that should come into play per se.
Does this explain it better? If you are not familiar with the code base and having to figure out a backpatch by hand (e.g. there is no available one for that release, etc), then how sure are you that you have fixed the security problem without opening another security problem? -- Stephen J Smoogen. CSIRT/Linux System Administrator -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
