public inbox for cygwin-apps@cygwin.com
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
To: cygwin-apps@cygwin.com
Subject: Re: Handling a Cygwin-specific security vulnerability
Date: Thu, 22 Apr 2021 09:32:55 -0600
Message-ID: <30809218-d5f1-ac2b-0a27-2b9ff257acd1@SystematicSw.ab.ca>
In-Reply-To: <CA+kUOakbXgBS3B9zPVnmBgGFT9NxD4fy-6xyDorwCHhONgQzDA@mail.gmail.com>

On 2021-04-22 07:14, Adam Dinwoodie wrote:
> I've just been informed off-list that there's a Cygwin-specific
> security vulnerability in one of the packages I maintain. I'm
> reluctant to go into details on a public list, but I'd also appreciate
> some support in the best way to manage this to get patches out without
> exposing package users to unnecessary security risk.
> 
> I'm already working with the upstream to find an appropriate patch,
> and I think I have at least a reasonable handle on best practices for
> releasing this sort of patch, but I'd appreciate being able to talk
> over the specifics with someone (singular or plural) with more
> experience of handling this sort of situation.
> 
> Is there any way I can get that sort of support from the maintainer community?

Might want to repeat this on the cygwin-developers list.

Andrew Schulman recently released a security update to stunnel and has in the 
past, and some of the RedHatters may have experience: CV, YS, EB, JJ.

DM in this case is necessary and likely acceptable.

Avoid any J. Random Hacker who replies as being interested to help.
In general, trust only those whose keys you'd sign with ultimate trust. ;^>

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
