On 01/15/2014 07:32 AM, Michal Privoznik wrote: > On 14.01.2014 17:53, Eric Blake wrote: >> Mitre tried to assign us two separate CVEs for the fix for >> https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the >> grounds that the fixes were separated by more than an hour >> and thus triggered different hourly snapshots. But we >> explicitly do NOT want to treat transient security bugs as >> CVEs if they can only be triggered by patches in libvirt.git >> but where the problem is cleaned up before a formal release. >> >> Meanwhile, I noticed that while our wiki mentioned maintenance >> branches and releases, our formal documentation did not. >> >> * docs/downloads.html.in: Contrast hourly snapshots with >> maintenance branches. >> >> Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> >> --- >> >> Doc only, so suitable for 1.2.1 if it gets reviewed in time. > > ACK & safe for the upcoming release. Thanks; pushed. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list