I am not prepared to vote on this.
First of all, I would need, on a private list where we can go into
details of security issues, to get a feeling for the seriousness of the
flaws in question. A denial of service is, in many contexts, less
serious than file corruption.
We may want to consider investigating the actual and proposed use-cases
for River before deciding this.
Do you feel any of the security flaws in question are release-blockers
for River 3.0? How long would fixing them first delay the release?
On 4/7/2016 12:36 PM, Peter wrote:
How do people on this project feel about security flaws?
Should we be fixing them?
I can provide evidence of vulnerabilities, I'm not proposing my fixes be
adopted.
Vote:
+1 Yes we should aim to fix security flaws.
0 don't care.
-1 No.
Regards,
Peter.
Sent from my Samsung device.