Daniel Franke <dfoxfra...@gmail.com>: > Well, that was scary and a little overwhelming but it turns out we're > in remarkably good shape: I've now merged patches for what look to be > the only three out of the eleven issues that impact us, and two of > those only dubiously qualify as vulnerabilities at all. Before I ask > Mark to tag a release I need to take a second look at couple of these > and then write release notes, but if you're already running a git > snapshot of NTPsec then now's a fine time to pull.
Mark, the thing to emphasize in talking to LF and others is that 8 out of those 11 CVEs didn't affect us because we had *already removed the attack surface*. This is really vindicating our approach of aggressively chiseling off misfeatures and cruft as a way to improve security. -- <a href="http://www.catb.org/~esr/">Eric S. Raymond</a> _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel