[tcpdump-workers] Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

Guy Harris guy at alum.mit.edu
Mon Nov 24 14:22:44 EST 2014


On Nov 24, 2014, at 10:25 AM, Michael Richardson <mcr at sandelman.ca> wrote:

> Michal Sekletar <msekleta at redhat.com> wrote:
> 
>> I don't agree. Rather, what you are hearing is a request that code
>> should appear in master branch on GitHub with reasonable time delay.
> 
> So, it happens occasionally that developers forget to push, and it stays on
> their laptop.  How is this any different?

What I have on my laptop isn't official - and isn't available to anybody else.  Think of it as a collection of temporary personal forks, each of which will be eliminated when I either abandon it by deleting the tree or push it to bpf.tcpdump.org.  It has nothing to do with official libpcap/tcpdump.

For bpf.tcpdump.org and GitHub, however, they're both publicly available; if somebody wants to know what's in the official repository, where should they look?

>> There are two options, make bpf.tcpdump.org sync with GitHub after
>> every commit or do development on GitHub only. Or the other way around,
> 
> It pushes every single night: it seems that it failed to push a new branch.

New branch?  The trunk on GitHub doesn't, for example, show my checkins for the CVEs in question, unless I'm missing something.  That wasn't on a new branch.

And changes made on GitHub - such as the changes that result from merging pull requests on GitHub - require manual pulling to get them onto bpf.tcpdump.org.

