[openssl-dev] On release pre announcements
Richard Moore
richmoore44 at gmail.com
Thu Jul 9 12:54:12 UTC 2015
On 9 July 2015 at 12:21, Salz, Rich <rsalz at akamai.com> wrote:
>
> > it would also be nice to have a bug-ID/CVE to track and organize the
> > upgrades.
>
> The concern is that people would then start trying to find the CVE
> descriptions which aren't available yet.
>
>
Given that NVD is generally quite slow to get the descriptions (usually a
day or two after an advisory is released) that might not be a problem. It
would make it easier to search bug trackers etc. though. If we just had the
CVSS base vector then there'd be no real risk but people could make more
informed decisions.
Cheers
Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150709/6f7e7206/attachment.html>
More information about the openssl-dev
mailing list