Tryton - Issues

 

Message18025

Author yangoon
Recipients ajacoutot, bch, ced, daniel, duesenfranz, nicoe, sharkcz
Date 2014-09-11.11:06:10
Content
> On 10 Sep 22:06, Mathias Behrle wrote:
> > > So for me,we can start the process of creating a security update.
> > 
> > Do you think, this is backportable for 2.2?
> 
> No more supported.

I know, that 2.2 is no more supported from Tryton side, but Debian supports at least stable releases for their lifetime. So I didn't ask you to do the backport, but to give a quick estimation.

> > > Do you think it requires a CVE?
> > 
> > Information leaked already via commit channel, so at least not via Debian.
> 
> Nothing really useful was leaked.

For me enough to not involve Debian. They assign only CVEs to complete non-disclosed issues. As a general guideline in Tryton I would propose to get a CVE for each bug of type security, that is handled with an embargo to the public (is handled with disclosure).
History
Date User Action Args
2014-09-11 11:06:11yangoonsetmessageid: <1410426371.65.0.608538353371.issue4155@tryton.org>
2014-09-11 11:06:11yangoonsetrecipients: + ced, bch, nicoe, sharkcz, daniel, ajacoutot, duesenfranz
2014-09-11 11:06:11yangoonlinkissue4155 messages
2014-09-11 11:06:10yangooncreate

Showing 10 items. Show all history (warning: this could be VERY long)