by elsjaako
1009 days ago
It means that there are bug fixes all the time, but most of the time no one sorts these into "security" and "non-security" categories.

I remember a message (I can't find it right now) where this is explained. Basically the thinking is that a lot of bugs can be used to break security, but sometimes it takes a lot of effort to figure out how to exploit a bug. So you have some choices:

* Research every bug to find out the security implications, which is additional work on top of fixing the bug.
* Mark only the bugs that have known security implications as security fixes, basically guaranteeing that you will miss some that you haven't researched.
* Consider all bugs as potentially having security implications. This is basically what they do now.