[tcpdump-workers] Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

Michael Richardson mcr at sandelman.ca
Mon Nov 24 13:25:28 EST 2014

Michal Sekletar <msekleta at redhat.com> wrote:
    >> Guy Harris <guy at alum.mit.edu> wrote: > (I'm fine with making it the
    >> Official Home if Michael chooses to do so.  > I've managed to cope
    >> with the workflow changes required when > libpcap/tcpdump switched to
    >> Git, when Wireshark switched to Git, and > when Wireshark switched to
    >> Git+Gerrit, with the aid of some time spent > with a porcelain kiln,
    >> so I can probably spend a little more time > firing the clay and
    >> glaze, if necessary, if libpcap/tcpdump switches to > using
    >> GitHub. :-))
    >> What I'm hearing is that using git is confusing, because it allows
    >> tcpdump to exist on more than one person's laptop at a time.

    > I don't agree. Rather what are you hearing is a request that code
    > should appear in master branch on GitHub with reasonable time delay.

So, it happens occasionally that developers' forget to push, and it stays on
their laptop.  How is this any different?

    > There are two options, make bpf.tcpdump.org sync with GitHub after
    > every commit or do development on GitHub only. Or the other way around,

It pushes every single night: it seems that it failed to push a new branch.
bpf.tcpdump.org has issues on occasion --- many people, including some
distros, are hesistant about relying on github.  I think you are exagerating
how often bpf.tcpdump.org has been unavailable.

I don't really want to put *all* my eggs on github.

    > I don't care. But given questionable reliability of bpf.tcpdump.org
    > (IIRC there were numerous outages for longer time periods in the past)

There were a few outages from Sunday night to Monday morning.

    > I don't care what people do in their private repos, but having two
    > "main" repos for tcpdump/libpcap is confusing and doesn't bring any
    > benefit whatsoever. Or am I missing some obvious benefit of current
    > solution.

Yeah, when github gets p0wned again, or goes offline again, or their database
gets confused about which fork is the lead and which fork is the "child"...
[for a few months, the "master" repo you speak of, was listed as a child
of some random other user]

]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 

More information about the tcpdump-workers mailing list