Le mardi 24 mai 2011 à 10:07 +0200, Thierry Vignaud a écrit : > Hi > > We are currently shiping aria2-1.11.1. > > However latest version is 1.11.2 which slightly improve security when > using authenticated > media by hiding them from process viewers (ps, ...): > > http://sourceforge.net/news/?group_id=159897 > "The username and password specified in command-line are now masked with > "*" immediately after parsed, so that ps cannot show username and password." > > Since that does not happen for most users and since we don't provide auth > media, > that's not a immediate concern, so should we update for Mageia 1?
I would keep this as a update after the release is out ( like they 4 ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since yesterday. So maybe we could open bugs for this ? There is 2 proposal : - filling them on security, and have a saved search - creating a tracker bug I would be in favor of the tracker bug : - you can subscribe to it - it will be clearer ( as bugfixes are not security so we may miss some update to do ) - it doesn't pollute the list of saved search But as pascal said, a tracker bug requires that each bug to be linked to it, which is manual and error prone. Any opinion on this ( or a 3rd proposal ) ? -- Michael Scherer
