bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS 1.11.5 Released <strong>(Security Update)</strong>


From: Paul Edwards
Subject: Re: CVS 1.11.5 Released <strong>(Security Update)</strong>
Date: Tue, 21 Jan 2003 14:02:30 GMT

"Derek Robert Price" <address@hidden> wrote in message news:address@hidden
> Without going into too much detail, the vulnerability allows read-only
> CVS users to execute arbitrary code as the user the CVS server
> executable is running as.

Can you tell me whether these bugs are generally being introduced
by enhancements, or whether they are long-standing bugs, recently
uncovered?

I was wondering if rather than every release replacing one set
of bugs with another set of bugs, we could have a particular
version (maybe starting with 1.11.5), which will be continually
updated, with bug fixes only, even when version 1.14.17 has
just been released.

Basically have a version of CVS that is bug-free as far as anyone
knows.

And repeat this process every 4 years, so that the "genuinely"
stable version is eventually updated.  But those who want the
features only made available in the last 4 years are not
impacted at all.  But any bug fixes found, are retrofitted into
the last stable version.

Is this feasible?

BFN.  Paul.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]