Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Requests
From: Andreas Ericsson <ae () op5 se>
Date: Fri, 16 Mar 2012 11:26:58 +0100

On 03/16/2012 04:41 AM, Kurt Seifried wrote:

I need the actual info, please refer to:

http://www.openwall.com/lists/oss-security/2012/03/16/2
http://www.openwall.com/lists/oss-security/2012/03/15/9
http://www.openwall.com/lists/oss-security/2012/03/14/6
http://www.openwall.com/lists/oss-security/2012/03/12/7


Those mails are all exemplary requests for CVE id's, ofcourse, but the
fact that they are all already fixed and released means that 100% of
the work is already done. At that point, assigning a CVE id is mostly
useless and is done as a "just for the record" thing.

The need for unified identifier for a particular issue is greatest
when discussing the problem and its potential solutions; Not how
someone actually solved it after it's already done. If CVE is to become
a thing for changelogs only, all those projects that don't use one
but rely on commit-messages instead won't use CVE id's at all, and the
usefulness of the CVE database dwindles.

-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault