I note that there are security fixes in these releases -- did I miss Chris' email about these patches or are we moving away from the model where we send out an email to the list a couple of days before release?
~Matt Walker
Wikimedia Foundation
Fundraising Technology Team

On Thu, Feb 27, 2014 at 6:55 PM, Brian Wolff <[email protected]> wrote:

> > * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
> > our token comparison would be vulnerable to timing attacks. This will take
> > constant time.
>
> Not to be a grammar nazi, but that should presumably be something
> along the lines of "Using constant time comparison will prevent this"
> instead of "This will take constant time", as that could be
> interpreted as the attack would take constant time.
>
> --bawolff
>
> _______________________________________________
> Wikitech-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
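
The timing issue named in the quoted release note, shown as an added example that is not part of the original thread and is not MediaWiki's code: a Python sketch that counts how many bytes an early-exit comparison inspects versus a constant-time one. The token value, guesses and function names are constructed for illustration.

```python
import hmac

EXPECTED = b"9f2c4e7a1b3d5f60"  # constructed sample token, not a real value

def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:                  # stops at the first mismatch, so the work
            return False, examined  # done depends on the matching prefix length
    return True, examined

def constant_time_equal(a: bytes, b: bytes):
    """XOR-accumulate comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):            # length is not secret for fixed-size tokens
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y               # no branch on secret data, no early exit
    return diff == 0, examined

def work_profile(compare, guesses):
    """Bytes examined by `compare` for each guess against EXPECTED."""
    return [compare(EXPECTED, g)[1] for g in guesses]

def check_token(supplied: bytes) -> bool:
    """What to call in practice: the standard library's constant-time compare."""
    return hmac.compare_digest(EXPECTED, supplied)

GUESSES = [                         # constructed inputs
    b"0000000000000000",            # wrong from the first byte
    b"9f2c000000000000",            # first 4 bytes correct
    b"9f2c4e7a1b3d5f61",            # only the last byte wrong
]

if __name__ == "__main__":
    print("naive:        ", work_profile(naive_equal, GUESSES))
    print("constant-time:", work_profile(constant_time_equal, GUESSES))
```

The hand-written loop only illustrates the structure; interpreter overhead is not guaranteed to be constant, which is why `check_token` defers to `hmac.compare_digest`.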
