[asterisk-dev] What happened with the latest round of releases: or, "whoops"

Steven Howes steve-lists at geekinter.net
Fri Jun 13 04:41:33 CDT 2014


On 13 Jun 2014, at 08:12, Matthew Jordan <mjordan at digium.com> wrote:
> Apologies if this e-mail gets a bit rambling; by the time I send this it will be past 2 AM here in the US and we've been scrambling to fix the regression caused by r415972 without reintroducing the vulnerability it fixed for the past 9 hours or so.
> 
> Clearly, there are things we should have done better to catch this before the security releases went out yesterday. The regression was serious enough that plenty of tests in the Test Suite caught the error - in fact, development of a test on a local dev machine was how we discovered that the regression had occurred.

I’ve not been directly involved with the whole commit/testing procedure, so excuse me if I’m misreading anything.

If it fails the tests, how was it released? I understand the whole reduced transparency/communications thing, it’s an unfortunate necessity of dealing with security issues. I can’t see how that excludes the testing carried out by the Test Suite though?

Kind regards,

Steve

