git@vger.kernel.org mailing list mirror (one of many)
From: "Randall S. Becker" <rsbecker@nexbridge.com>
To: "'Jonathan Nieder'" <jrnieder@gmail.com>
Cc: <git@vger.kernel.org>
Subject: RE: [Question] Documenting platform implications on CVE to git
Date: Fri, 6 Oct 2017 19:34:19 -0400
Message-ID: <005b01d33efb$a5668870$f0339950$@nexbridge.com>
In-Reply-To: <20171006225049.GA19555@aiede.mtv.corp.google.com>

-----Original Message-----
On October 6, 2017 6:51 PM, Jonathan Nieder wrote
>Randall S. Becker wrote:
>> I wonder whether there is some mechanism for providing official
>> responses from platform ports relating to security CVE reports, like
>> CVE-2017-14867.

>This question is too abstract for me.  Can you say more concretely what you
>are trying to do?
>E.g. are you asking how you would communicate to users of your port that
>CVE-2017-14867 does not apply to them?  Or are you asking where to start a
>conversation about who a bug applies to?  Or something else?

The first one, mostly. When looking at CVE-2017-14867, there are places like
https://nvd.nist.gov/vuln/detail/CVE-2017-14867 where the issue is
discussed. It provides hyperlinks to various platform discussions.
Unfortunately for me, I am not an HPE employee - and even if I was, there is
no specific site where I can publicly discuss the vulnerability. I'm looking
to the group here for advice on how to get the word out that it does not
appear to apply to the HPE NonStop Git port. The question of where to best
do that for any CVE pertaining to git as applicable to the NonStop Port is
question #1.

Question #2 - probably more relevant to the specific issue and this group -
is whether the vulnerability is contained to Git's use of Perl SCM and since
NonStop's Perl does not support SCM, the vulnerability may not be relevant,
but I'm not really enough of a Perl guru to make that determination.

Cheers,
Randall

-- Brief whoami: NonStop&UNIX developer since approximately
UNIX(421664400)/NonStop(211288444200000000) 
-- In my real life, I talk too much.



