Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

[Guy Harris <guy () alum mit edu>]

On Nov 24, 2014, at 10:25 AM, Michael Richardson <mcr () sandelman ca> wrote:

> Michal Sekletar <msekleta () redhat com> wrote:
>
> > I don't agree. Rather what are you hearing is a request that code
> > should appear in master branch on GitHub with reasonable time delay.
>
> So, it happens occasionally that developers' forget to push, and it stays on
> their laptop.  How is this any different?

What I have on my laptop isn't official - and isn't available to anybody else.  Think of it as a collection of 
temporary personal forks, each of which will be eliminated when I either abandon it by deleting the tree or push it to 
bpf.tcpdump.org.  It has nothing to do with official libpcap/tcpdump.

For bpf.tcpdump.org and GitHub, however, they're both publicly available; if somebody wants to know what's in the 
official repository, where should they look?

> > There are two options, make bpf.tcpdump.org sync with GitHub after
> > every commit or do development on GitHub only. Or the other way around,
>
> It pushes every single night: it seems that it failed to push a new branch.

New branch?  The trunk on GitHub doesn't, for example, show my checkins for the CVEs in question, unless I'm missing 
something.  That wasn't on a new branch.

And changes made on GitHub - such as the changes that result from merging pull requests on GitHub - require manual 
pulling to get them onto bpf.tcpdump.org.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers