Re: Should openssl publish the commit #'s that fixed each CVE?

The CVE itself contains the commit info.  Find it at cve.mitre.org

 

From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Ethan Rahn
Sent: Thursday, January 26, 2017 10:40 AM
To: openssl-users@xxxxxxxxxxx
Subject: [openssl-users] Should openssl publish the commit #'s that fixed each CVE?

 

Hello,

 

When looking at the latest security announcement, something that I notice is that it's hard to find the actual commits that fixed an issue. If you search git.openssl.org you can find some of them if they are mentioned in the change message, but it still requires some active effort.

 

Would it be a good idea for openssl to publish the commit(s) that fixed each CVE? It would make it easier to see what changed, which is great for

a.) backporting.

b.) satisfying curiosity of armchair cryptographers.

c.) better assessing an issue.

 

Cheers,

 

Ethan
