www/info

Rik Hemsley rik at kde.org
Tue Oct 8 23:35:57 BST 2002



#if Neil Stevens
> On Tuesday October 08, 2002 02:19, Dirk Mueller wrote:
> > CVS commit by mueller:
> >
> > another two security advisories. Yay :-(
>
> So is it KDE's policy not to warn users when the problem is found,
> but only to let people know that their systems are vulnerable when
> the fix is released?

I made the fix for kpf within minutes of the vulnerability being reported.
The vulnerability was reported directly to me, on IRC.

Rest assured it will not happen again. I'm reviewing all patches from now
on, no matter how long anyone has been sending patches for kpf, I will
not allow them to commit without my approval.

Unfortunately I can't enforce this as strictly as I'd like, as there are no
ACLs on the code directories.

Please, nobody commit to kpf without asking first. It shares people's
files publicly. To say that utmost care should be taken is an
understatement.

Rik

-- 
http://rikkus.info





More information about the kde-core-devel mailing list