+1 On Jan 10, 2014, at 8:44 AM, Jeff Trawick <traw...@gmail.com> wrote:
> [X] It is mandatory to provide best available description and any available > tracking information when committing fixes for vulnerabilities to any branch, > delaying committing of the fix if the information shouldn't be provided yet. > > --/-- > > IMO it is not appropriate to let skilled attackers see a code change (which > they can analyze to determine if there is an impact that they can exploit) if > you are not going to make it possible for the general user community looking > at the same commit activity to decide if they need to take an action. > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/