Re: Call for Community Feedback: Guidance on Reporting Protocol Vulnerabilities

On 10/27/20 11:00 AM, Eliot Lear wrote:
I think what you are pointing out is that maybe it would help if these things were properly tracked against anything that would update or obsolete existing work.  We might even be able to automate the response along the lines of:

  • A working group is currently working on an update.  Please feel free to join in the fun at...
  • A working group is currently working on a replacement (e.g., obsolete). Please feel free to join in the fun at ...
  • No current update is in progress.  In addition to filing an erratum, we invite you to provide an update through our errata process, and perhaps through our standards process.  You can contact <insert AD here> for more information.

My impression is that errata has a pretty high barrier to entry if it's potentially controversial. There doesn't seem to be any easy mechanism to do a one-off update that requires WG buy-in to get enough eyeballs on the problem to make certain that the fix is correct. It's like you need something similar to a critical security update to your OS, say, which needs to be well vetted by the devs, but doesn't want to wait for the next point release.

If errata is that mechanism for something controversial, it's news to me. Mostly what I've seen with errata are minor fixes which the WG chair and/or authors can sign off easily.

Mike

