[cosmo-dev] Cosmo 0.10.1 security risk addressed on Hub?
Mikeal Rogers
mikeal at osafoundation.org
Sat Dec 8 21:05:57 PST 2007
If I remember correctly;
Hub was patched for this issue as soon as a patch was available, Jared
didn't wait for the product release to finish before securing hub from
a public vulnerability just for the sake of getting a rubber stamped
0.10.1 version number.
I don't think hub was rebuilt again because 0.10.1 only included this
fix.
-Mikeal
On Dec 8, 2007, at December 8, 20077:47 PM, Brian Moseley wrote:
> On Dec 8, 2007 7:42 PM, Andre Mueninghoff <andre_mueninghoff at fastmail.fm
> > wrote:
>
>> Is this an unreasonable and/or unwarranted expectation? When a
>> security
>> risk is so publicly announced and analyzed, is a swift remedy not
>> reasonably expected?
>
> speaking for myself and not for OSAF, I don't think it's an
> unreasonable expectation. I was under the impression that Hub was
> going to be updated the night I fixed the bug. I unfortunately don't
> have any information as to when it will happen.
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
More information about the cosmo-dev
mailing list