[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: release bugs [was Re: Processed: enriched.el code execution]
From: |
Eli Zaretskii |
Subject: |
Re: release bugs [was Re: Processed: enriched.el code execution] |
Date: |
Thu, 07 Sep 2017 18:03:28 +0300 |
> Cc: address@hidden
> From: Paul Eggert <address@hidden>
> Date: Wed, 6 Sep 2017 23:30:15 -0700
>
> Eli Zaretskii wrote:
> > Or maybe we could discuss the criteria for blocking bugs, and if
> > agreed, no further discussions would be necessary.
>
> This particular bug involved remote code execution by visiting an email
> attachment. Any security hole this serious should be blocking. It doesn't
> matter
> that the bug has been around for a while, as the bug is known now and is
> likely
> to be exploited by anyone who cares to attack Emacs users. I'm surprised that
> there was controversy about this case, as the bug really should be fixed as
> soon
> as we reasonably can, or in any event before the next release.
There's no controversy regarding the need to fix serious security
bugs, such as this one. However, marking a bug as blocking doesn't
fix it, only code changes will fix it. If this bug is indeed deemed
urgent by the community, it will be fixed very soon, and in that case
blocking the next release, which will not happen tomorrow or the next
week, is meaningless. OTOH, if the bug will remain unfixed till we
are ready to release Emacs 26.1, in, like, 6 months, then it means
fixing it is not deemed important, and blocking the release for it
makes no sense.
- release bugs [was Re: Processed: enriched.el code execution], Glenn Morris, 2017/09/06
- Re: release bugs [was Re: Processed: enriched.el code execution], Eli Zaretskii, 2017/09/06
- Re: release bugs [was Re: Processed: enriched.el code execution], Paul Eggert, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution], John Wiegley, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution],
Eli Zaretskii <=
- Re: release bugs [was Re: Processed: enriched.el code execution], Paul Eggert, 2017/09/07
- Re: release bugs [was Re: Processed: enriched.el code execution], Eli Zaretskii, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Paul Eggert, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Fabrice Popineau, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Óscar Fuentes, 2017/09/08
- Re: release bugs [was Re: Processed: enriched.el code execution], Richard Stallman, 2017/09/09
- Re: release bugs [was Re: Processed: enriched.el code execution], Fabrice Popineau, 2017/09/09
- Re: enriched.el code execution, Reiner Steib, 2017/09/07
- Re: enriched.el code execution, Paul Eggert, 2017/09/07