tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

From: Guy Harris <guy () alum mit edu>
Date: Mon, 24 Nov 2014 13:52:17 -0800

On Nov 24, 2014, at 1:24 PM, Denis Ovsienko <denis () ovsienko info> wrote:


So the problem is to let GitHub do its good things to tcpdump yet to protect from the bad ones. To me it seems that 
for the next few years the best balance between survivability and convenience would be in continuing to use both 
GitHub and bpf.tcpdump.org, but with one important change. The changes should normally be committed to GitHub 
instance only, as that's currently the environment that is most convenient for contributors of varying levels of 
experience. Then bpf.tcpdump.org would not experience auto-merging difficulties any more and with the two 
repositories being 100% identical


What mechanism would be used to ensure that any change committed to GitHub will be pushed/pulled to bpf.tcpdump.org in 
a timely fashion when possible (with catchup pushes/pulls if it becomes impossible for a while due to some problem)?


the read-only choice between the two will become again purely theoretical and a matter of taste.


But doesn't "The changes should normally be committed to GitHub instance only" mean that the bpf.tcpdump.org repository 
should be treated as read-only for contributors - presumably including core contributors?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: