Re: [Podofo-users] another bunch of crashes

Thu, 30 Mar 2017 04:53:44 -0700 

On Thu, 2017-03-30 at 11:06 +0000, Mark Rogers wrote:
> Is there any way to use SourceForge tickets just for security bugs?

        Hi,
if the folks are not used to issue tracker then having "only for
certain type of issues" would not work, I'm afraid. Not talking that
you cannot teach outer audience about when to use it and when not.

> It looks like some CVEs have been fixed, some CVE patches rejected,
> but there’s no way from the mailing list to tell which CVEs have been
> fixed because most of the mailing list and commit messages don’t
> reference the CVEs.

Right. It had been just a coincidence that two people here reported one
same issue and I happen to fix it without the reference (also because I
didn't use Agostino's reference, but that other person's).

I had a private chat with Agostino on Tuesday, he asked me to drop a
commit link to his blog post when the change references one of those
issues, from which I understood that he'll update the Debian summary
page (link given earlier in this thread).

> At the moment it’s hard even to contribute patches because there’s no
> way to tell which CVEs are fixed, which are being worked on, and
> which are still outstanding.

All except "which are being worked on" is on the Debian summary page.
Even I plan to look on them, then I do not know when, thus I do not do
any false promises, time lines, nothing like that. I'll surely check
the Debian page first, and also this list for any outstanding patches,
before starting on anything.

> If SourceForge tickets don’t work is there another alternative , for
> example, an empty GitHub repo with an issue tracker?

No, please do not. You give false expectations to the users and
possible contributors, which is harmful for the project itself.

        Bye,
        zyx

-- 
http://www.litePDF.cz                                 i...@litepdf.cz

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

Reply via email to