[tcpdump-workers] Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?
guy at alum.mit.edu
Mon Nov 24 14:22:44 EST 2014
On Nov 24, 2014, at 10:25 AM, Michael Richardson <mcr at sandelman.ca> wrote:
> Michal Sekletar <msekleta at redhat.com> wrote:
>> I don't agree. Rather what are you hearing is a request that code
>> should appear in master branch on GitHub with reasonable time delay.
> So, it happens occasionally that developers' forget to push, and it stays on
> their laptop. How is this any different?
What I have on my laptop isn't official - and isn't available to anybody else. Think of it as a collection of temporary personal forks, each of which will be eliminated when I either abandon it by deleting the tree or push it to bpf.tcpdump.org. It has nothing to do with official libpcap/tcpdump.
For bpf.tcpdump.org and GitHub, however, they're both publicly available; if somebody wants to know what's in the official repository, where should they look?
>> There are two options, make bpf.tcpdump.org sync with GitHub after
>> every commit or do development on GitHub only. Or the other way around,
> It pushes every single night: it seems that it failed to push a new branch.
New branch? The trunk on GitHub doesn't, for example, show my checkins for the CVEs in question, unless I'm missing something. That wasn't on a new branch.
And changes made on GitHub - such as the changes that result from merging pull requests on GitHub - require manual pulling to get them onto bpf.tcpdump.org.
More information about the tcpdump-workers