Posted to dev@river.apache.org by Peter <ji...@zeus.net.au> on 2016/04/07 21:36:14 UTC

[vote] should we fix security flaws?

How do people on this project feel about security flaws?

Should we be fixing them? 

I can provide evidence of vulnerabilities; I'm not proposing my fixes be adopted.

Vote:

+1 Yes, we should aim to fix security flaws.
0 don't care.
-1 No.

Regards,

Peter.




[DISCUSS] [vote] should we fix security flaws?

Posted by Patricia Shanahan <pa...@acm.org>.
I am not prepared to vote on this.

First of all, I would need, on a private list where we can go into 
details of security issues, to get a feeling for the seriousness of the 
flaws in question. A denial of service is, in many contexts, less 
serious than file corruption.

We may want to consider investigating the actual and proposed use-cases 
for River before deciding this.

Do you feel any of the security flaws in question are release-blockers 
for River 3.0? How long would fixing them first delay the release?

On 4/7/2016 12:36 PM, Peter wrote:
> How do people on this project feel about security flaws?
>
> Should we be fixing them?
>
> I can provide evidence of vulnerabilities; I'm not proposing my fixes be adopted.
>
> Vote:
>
> +1 Yes, we should aim to fix security flaws.
> 0 don't care.
> -1 No.
>
> Regards,
>
> Peter.