This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Consensus: Security Hall of Fame, Security issue attributions, NEWS, and Contribution Checklist.
- From: Roland McGrath <roland at hack dot frob dot com>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: Carlos O'Donell <carlos at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>, Florian Weimer <fweimer at redhat dot com>, Aurelien Jarno <aurelien at aurel32 dot net>, Mike Frysinger <vapier at gentoo dot org>, Allan McRae <allan at archlinux dot org>, Siddhesh Poyarekar <sid at reserved-bit dot com>, Andreas Schwab <schwab at suse dot de>, "Dmitry V. Levin" <ldv at altlinux dot org>, Khem Raj <raj dot khem at gmail dot com>, Adam Conrad <adconrad at 0c3 dot net>
- Date: Wed, 21 Oct 2015 13:39:07 -0700 (PDT)
- Subject: Re: Consensus: Security Hall of Fame, Security issue attributions, NEWS, and Contribution Checklist.
- Authentication-results: sourceware.org; auth=none
- References: <5627D1F7 dot 8030908 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1510212023070 dot 7778 at digraph dot polyomino dot org dot uk>
> Rather than the suggested NEWS section I'd rather say that each bug with a
> CVE gets its own entry in the NEWS file (in addition to the general list
> of fixed bugs) and that those entries credit the reporter.
That sounds proper to me. There would be nothing wrong with making each
release's NEWS page group all the CVE bugs together with a heading.