[SMW-devel] Security backports
I recently noticed that a vulnerability we had fixed in SMW master hadn't been applied to any of the stable branches. We pushed it into the stable branches and merged it. This made us wonder how things were being handled, though.

Are security fixes that go into master also applied in the stable branches? What's the security release process of SMW?

- Ryan

Semediawiki-devel mailing list
Semediawiki-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/semediawiki-devel

Re: [SMW-devel] Security backports
Hey,

Until very recently we did not have stable branches to which we backported anything. This was mainly due to lack of dev manpower. With the last big release (1.8) we decided to try and maintain a branch to backport things to, which we named 1.8.x.

The general notion here is to backport all non-trivial fixes that can easily be backported, esp if they are significant such as is always the case with security related bugs. Though that is the goal, we have only backported a limited number of things so far, and could do better. Then again, there are many other things we ought to do better, and only so little time people have.

Personally I've been wanting to do a new minor release ever since the fix you are talking about, though have not found the time so far. We need more devs! :)

Cheers

--
Jeroen De Dauw
http://www.bn2vs.com
Don't panic. Don't be evil.
--

Re: [SMW-devel] Security backports
On Thu, May 16, 2013 at 3:06 PM, Jeroen De Dauw jeroended...@gmail.com wrote:

> Hey,
>
> Until very recently we did not have stable branches to which we backported anything. This was mainly due to lack of dev manpower. With the last big release (1.8) we decided to try and maintain a branch to backport things to, which we named 1.8.x.
>
> The general notion here is to backport all non-trivial fixes that can easily be backported, esp if they are significant such as is always the case with security related bugs. Though that is the goal, we have only backported a limited number of things so far, and could do better. Then again, there are many other things we ought to do better, and only so little time people have.
>
> Personally I've been wanting to do a new minor release ever since the fix you are talking about, though have not found the time so far. We need more devs! :)

So... is the 1.8.x branch currently secure, or insecure? If it's insecure, what alternative is there? Using master isn't really an option as breaking changes land very often in SMW.

- Ryan

Re: [SMW-devel] Security backports
Hey,

> Great. So all security fixes in master are always backported here?

They should be yes. If this does not happen, feel free to shout at me.

> I was basing this off of past experience, where wikis I managed were often broken due to SMW running trunk.

If it does still break at some point, make some noise, and the fix/revert will probably arrive pretty quickly.

Cheers

--
Jeroen De Dauw
http://www.bn2vs.com
Don't panic. Don't be evil.
--

Re: [SMW-devel] Security backports
On Thu, May 16, 2013 at 3:43 PM, Jeroen De Dauw jeroended...@gmail.com wrote:

> Hey,
>
> > Great. So all security fixes in master are always backported here?
>
> They should be yes. If this does not happen, feel free to shout at me.
>
> > I was basing this off of past experience, where wikis I managed were often broken due to SMW running trunk.
>
> If it does still break at some point, make some noise, and the fix/revert will probably arrive pretty quickly.

Sounds good. Thanks!

- Ryan