Hi Debbie, > I know you mentioned that this patch addresses the most serious issues. > Are you continuing to work on covering remaining issues? Should expect > an additional patch for those less severe issues or finding d) the > changes needed to the RPM spec file example?
frankly I did not intend to address the further issues. I think somebody who is taking responsibility for the TrouSerS project should address them. There are decisions to be made that I, as a contributor, cannot easily make. Regarding the spec file(s), for example, one choice could be to completely remove it from the repository. It seems unlikely to me that any RPM based distribution will newly package TrouSerS any more. But I'm not involved with the history of them and any other dependencies there might exist. And one thing you should take care of is to communicate CVEs for at least issue a) and c). IBM is a CNA itself so I can't (or at least very much shouldn't) do that for you. Cheers Matthias
signature.asc
Description: PGP signature
_______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
