On Wed, 2014-03-05 at 15:22 +0800, Ed Greshko wrote:
> On 03/05/14 15:00, Adam Williamson wrote:
> > On Tue, 2014-03-04 at 23:14 -0500, Jonathan Calloway wrote:
> >> Can you please provide direction on how to test this, specifically for this bug?
> >>
> >> Jonathan Calloway
> > Just ensuring it doesn't break any dependent apps would be useful. I
> > don't know offhand how to check the actual vulnerability has been
> > correctly fixed, but as long as the update doesn't actually make
> > anything *worse*, we can't hurt anything by getting it to stable ASAP,
> > and I'm kinda figuring the RH security folks have verified the
> > vulnerability fix already.
>
> Besides, maybe telling folks who don't know how to exploit the
> vulnerability isn't such a good idea? :-) :-)

That's 'security by obscurity', which is no security at all in the case
of a publicly disclosed vulnerability. Trying to obfuscate the issue for
some specific sub-culture once a comprehensive public description is
available is just silly.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net