[arch-security] Openssl flaw

Allan McRae allan at archlinux.org
Tue Apr 8 09:23:45 EDT 2014


On 08/04/14 23:08, G. Schlisio wrote:
> Am 08.04.2014 12:04, schrieb Timothée Ravier:
>> On 08/04/2014 11:52, Allan McRae wrote:
>>> It was public for one day.  I added this column in the wiki for tracking
>>> the responsiveness of the packagers to handling security issues to see
>>> where we can improve.
>>
>> Ok, I'm adding a note on this and reverting back to ~1d time vulnerable.
>>
> the column is clearly named "time vulnerable", which is since march
> 2012. atm you seem to use it for the "time known" information.
> maybe add another column then, because a "time vulnerable" of more than
> 2 years means a totally other severity of such a bug than just a day.
> i think, this information should be easily visible.

Why?  Just list every piece of software since the day it was first
released.  That would be accurate.





More information about the arch-security mailing list