oss-sec mailing list archives
Re: CVE Requests
From: Andreas Ericsson <ae () op5 se>
Date: Fri, 16 Mar 2012 11:26:58 +0100
On 03/16/2012 04:41 AM, Kurt Seifried wrote:
I need the actual info, please refer to: http://www.openwall.com/lists/oss-security/2012/03/16/2 http://www.openwall.com/lists/oss-security/2012/03/15/9 http://www.openwall.com/lists/oss-security/2012/03/14/6 http://www.openwall.com/lists/oss-security/2012/03/12/7
Those mails are all exemplary requests for CVE id's, ofcourse, but the fact that they are all already fixed and released means that 100% of the work is already done. At that point, assigning a CVE id is mostly useless and is done as a "just for the record" thing. The need for unified identifier for a particular issue is greatest when discussing the problem and its potential solutions; Not how someone actually solved it after it's already done. If CVE is to become a thing for changelogs only, all those projects that don't use one but rely on commit-messages instead won't use CVE id's at all, and the usefulness of the CVE database dwindles. -- Andreas Ericsson andreas.ericsson () op5 se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace.
Current thread:
- Re: CVE Requests, (continued)
- Re: CVE Requests Kurt Seifried (Mar 15)
- Re: CVE Requests Mark Stanislav (Mar 15)
- Re: CVE Requests Kurt Seifried (Mar 15)
- Re: CVE Requests Mark Stanislav (Mar 15)
- Re: CVE Requests Kurt Seifried (Mar 15)
- Re: CVE Requests Mark Stanislav (Mar 15)
- Re: CVE Requests Solar Designer (Mar 16)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 16)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 15)
- Re: CVE Requests Kurt Seifried (Mar 15)
- Re: CVE Requests Andreas Ericsson (Mar 16)
- Re: CVE Requests Adam D. Barratt (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 16)
- Re: CVE Requests Tim Brown (Mar 16)
- Re: CVE Requests Mark Stanislav (Mar 16)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Tim Brown (Mar 16)
- Re: CVE Requests Eugene Teo (Mar 18)
- Re: CVE Requests Kurt Seifried (Mar 16)
- Re: CVE Requests Andreas Ericsson (Mar 19)