On Tue, Dec 10, 2013 at 08:10:51PM -0500, Josh Boyer wrote: > On Tue, Dec 10, 2013 at 8:03 PM, Dave Chinner <david@xxxxxxxxxxxxx> wrote: > > Security processes are not something that should be hidden away in > > it's own private corner - if there's a problem upstream needs to > > take action on, then direct contact with upstream is necessary. We > > need to know about security issues - even ones that are classified > > post-commit as security issues - so we are operating with full > > knowledge of the issues in our code and the impact of our fixes.... > > Agreed. I'm going to interpret your comments at being directed to the > general audience because otherwise you're just shooting the messenger > :). Right, they are not aimed at you - they are aimed at those on the security side of the fence. I'm tired of learning about CVEs in XFS code through chinese whispers and/or luck. Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
