[cosmo-dev] Cosmo 0.10.1 security risk addressed on Hub?

Andre Mueninghoff andre_mueninghoff at fastmail.fm
Sun Dec 9 12:17:54 PST 2007


Thanks much for checking into this and for your notes.

I want to apologize to everyone for my first cranky note...all I had to
go on was whatever the "About Chandler Hub" link was showing...Having
had the opportunity to meet and watch Pablos Holman (the hacker) in
action last week, my sensitivity to security was higher. He can be quite
entertaining and alarming at the same time.

Andre

On Sat, 8 Dec 2007 21:05:57 -0800, "Mikeal Rogers"
<mikeal at osafoundation.org> said:
> If I remember correctly;
> 
> Hub was patched for this issue as soon as a patch was available, Jared  
> didn't wait for the product release to finish before securing hub from  
> a public vulnerability just for the sake of getting a rubber stamped  
> 0.10.1 version number.
> 
> I don't think hub was rebuilt again because 0.10.1 only included this  
> fix.
> 
> -Mikeal
> 
> 
> 
> On Dec 8, 2007, at 7:47 PM, Brian Moseley wrote:
> 
> > On Dec 8, 2007 7:42 PM, Andre Mueninghoff <andre_mueninghoff at fastmail.fm 
> > > wrote:
> >
> >> Is this an unreasonable and/or unwarranted expectation? When a  
> >> security
> >> risk is so publicly announced and analyzed, is a swift remedy not
> >> reasonably expected?
> >
> > speaking for myself and not for OSAF, I don't think it's an
> > unreasonable expectation. I was under the impression that Hub was
> > going to be updated the night I fixed the bug. I unfortunately don't
> > have any information as to when it will happen.
> > _______________________________________________
> > cosmo-dev mailing list
> > cosmo-dev at lists.osafoundation.org
> > http://lists.osafoundation.org/mailman/listinfo/cosmo-dev

