Page MenuHomePhabricator

ytrezq (Laël Cellier)
UserEmail Not Verified

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Apr 23 2016, 4:02 PM (413 w, 5 d)
Availability
Available

Recent Activity

Apr 23 2016

ytrezq added a comment to T10832: Evaluate Git remote execution vulnerabilities with 2GB pathnames.

Broadly, I lean toward this policy going forward:

  • When we can perform an accurate test for the vulnerability in a reasonable amount of time/effort and tell you that you are definitely vulnerable (as with Shellshock), we will continue to do so with an active setup warning.
  • When we can not perform such a test (as here), we will publish guidance and note the issue in the changelog, but will not attempt to guess if the installed version may be vulnerable because this test will frequently be confusing/misleading/wrong.
  • We can re-evaluate this after T5055, which may give us a wider range of tools for providing more accurate vulnerability notifications.
Apr 23 2016, 4:53 PM · Ops, Git, Phacility, Security