emacs-devel

Re: release bugs [was Re: Processed: enriched.el code execution]


From: Eli Zaretskii
Subject: Re: release bugs [was Re: Processed: enriched.el code execution]
Date: Thu, 07 Sep 2017 18:03:28 +0300

> Cc: address@hidden
> From: Paul Eggert <address@hidden>
> Date: Wed, 6 Sep 2017 23:30:15 -0700
> 
> Eli Zaretskii wrote:
> > Or maybe we could discuss the criteria for blocking bugs, and if
> > agreed, no further discussions would be necessary.
> 
> This particular bug involved remote code execution by visiting an email
> attachment. Any security hole this serious should be blocking. It doesn't
> matter that the bug has been around for a while, as the bug is known now and
> is likely to be exploited by anyone who cares to attack Emacs users. I'm
> surprised that there was controversy about this case, as the bug really
> should be fixed as soon as we reasonably can, or in any event before the
> next release.

There's no controversy regarding the need to fix serious security
bugs, such as this one.  However, marking a bug as blocking doesn't
fix it, only code changes will fix it.  If this bug is indeed deemed
urgent by the community, it will be fixed very soon, and in that case
blocking the next release, which will not happen tomorrow or the next
week, is meaningless.  OTOH, if the bug will remain unfixed till we
are ready to release Emacs 26.1, in, like, 6 months, then it means
fixing it is not deemed important, and blocking the release for it
makes no sense.


