Ulf Harnhammar wrote:
> > In light of the current problems with upstream, maybe you could
> > stick a big note in capital letters enclosed in dashes, bars or
> > other significant characters at the top your your mail? Not sure
> > if that would help, but it may be worth a try.
>
> It is worth trying.
>
> Perhaps we should write a document about how we want upstream developers to
> behave? (Don't panic, wait until the release date, add CVE/CAN entry,
> anything else?)
Sounds good.
Here is what I can contribute out of the box:
CVE-2005-nnnn a unique identifier for a vulnerability in a software
package. The database behind this is maintained at MITRE's Common
Vulnerabilities and Exposures project <http://cve.mitre.org/cve/>.
Details for such an id are available after a few days of quarantaine
at <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-nnnn>.
Many vendors (both propriatery and Free Software) participate in this
database and assign the id to vulnerability reports or updates they
produce. These IDs help us security people generally for identifying
if a given package is fixed or if a given update fixes which problem.
Please mention this ID in the changelog and/or project announcements.
Regards,
Joey
--
This is GNU/Linux Country. On a quiet night, you can hear Windows reboot.
|
| 
