Testing request: gnutls update for F19
Adam Williamson
awilliam at redhat.com
Wed Mar 5 19:46:38 UTC 2014
On Wed, 2014-03-05 at 15:22 +0800, Ed Greshko wrote:
> On 03/05/14 15:00, Adam Williamson wrote:
> > On Tue, 2014-03-04 at 23:14 -0500, Jonathan Calloway wrote:
> >> Can you please provide direction on how to test this, specifically for this bug?
> >>
> >> Jonathan Calloway
> > Just ensuring it doesn't break any dependent apps would be useful. I
> > don't know offhand how to check the actual vulnerability has been
> > correctly fixed, but as long as the update doesn't actually make
> > anything *worse*, we can't hurt anything by getting it to stable ASAP,
> > and I'm kinda figuring the RH security folks have verified the
> > vulnerability fix already.
>
> Besides, maybe telling folks who don't know how to exploit the
> vulnerability isn't such a good idea? :-) :-)
That's 'security by obscurity', which is no security at all in the case
of a publicly disclosed vulnerability. Trying to obfuscate the issue for
some specific sub-culture once a comprehensive public description
available is just silly.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
More information about the test
mailing list