Re: bugreport = free?
- From: houghi <houghi@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 08:45:32 +0100
Andreas Stieger wrote:
Hi,
Derk wrote:
I see that you have to create an account at Novell.com when one wants to
report a bug to Bugzilla. Is this seen as support that one has to pay for
or is submitting a bug found in openSUSE free of charge?
I submitted lots of bugs and never paid. The account you create is for the
bug tracking system and the openSUSE wiki.
And for the paranoid, you can fill in anything you desire. The main
thing is a working email adress. It is not as if the Novell Police will
be coming after you or something.
They just use the same system for their paying customers as well. Some
people will have access to different parts of the bugs. e.g. not all
securitybugs are open all the time.
There is an agreement between distributions that certain security
solutions will have a (I think 2 days) deleay, so that everybody in
every distribution can submit the patch at the same time, making it ery
hard to abuse.
e.g. if DistroX would come out with a patch for ssh on friday evening
_for an unknown bug_ then a cracker could abuse ity, reverse engineer
the patch and abuse other systems, while they are still working on the
solution.
If they just inform everybody and wait a bit. They bring out the patch
all together on mondaymorning. Much more secure, even tjough it is
security through obscurity.
houghi
--
houghi http://houghi.org http://www.plainfaqs.org/linux/
http://www.netmeister.org/news/learn2quote.html
.
Today I went outside. My pupils have never been tinier...
- References:
- bugreport = free?
- From: Derk
- Re: bugreport = free?
- From: Andreas Stieger
- bugreport = free?
- Prev by Date: Re: Pico on OpenSuse 10.3??
- Next by Date: Re: Unresolved dependencies
- Previous by thread: Re: bugreport = free?
- Index(es):
Relevant Pages
|
