Daniel Franke <dfoxfra...@gmail.com>:
> Well, that was scary and a little overwhelming but it turns out we're
> in remarkably good shape: I've now merged patches for what look to be
> the only three out of the eleven issues that impact us, and two of
> those only dubiously qualify as vulnerabilities at all. Before I ask
> Mark to tag a release I need to take a second look at couple of these
> and then write release notes, but if you're already running a git
> snapshot of NTPsec then now's a fine time to pull.
Mark, the thing to emphasize in talking to LF and others is that 8 out
of those 11 CVEs didn't affect us because we had *already removed the
attack surface*. This is really vindicating our approach of aggressively
chiseling off misfeatures and cruft as a way to improve security.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
