On Wed, 2014-03-05 at 15:22 +0800, Ed Greshko wrote:
> On 03/05/14 15:00, Adam Williamson wrote:
>> On Tue, 2014-03-04 at 23:14 -0500, Jonathan Calloway wrote:
>>> Can you please provide direction on how to test this, specifically for this
>>> bug?
>>>
>>> Jonathan Calloway
>> Just ensuring it doesn't break any dependent apps would be useful. I
>> don't know offhand how to check the actual vulnerability has been
>> correctly fixed, but as long as the update doesn't actually make
>> anything *worse*, we can't hurt anything by getting it to stable ASAP,
>> and I'm kinda figuring the RH security folks have verified the
>> vulnerability fix already.
> Besides, maybe telling folks who don't know how to exploit the
> vulnerability isn't such a good idea? :-) :-)
That's 'security by obscurity', which is no security at all in the case
of a publicly disclosed vulnerability. Trying to obfuscate the issue for
some specific sub-culture once a comprehensive public description
is available is just silly.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net