On 13 Jun 2014, at 08:12, Matthew Jordan <[email protected]> wrote:

> Apologies if this e-mail gets a bit rambling; by the time I send this it will
> be past 2 AM here in the US and we've been scrambling to fix the regression
> caused by r415972 without reintroducing the vulnerability it fixed for the
> past 9 hours or so.
>
> Clearly, there are things we should have done better to catch this before the
> security releases went out yesterday. The regression was serious enough that
> plenty of tests in the Test Suite caught the error - in fact, development of
> a test on a local dev machine was how we discovered that the regression had
> occurred.

I’ve not been directly involved with the whole commit/testing procedure, so excuse me if I’m misreading anything..

If it fails the tests, how was it released? I understand the whole reduced transparency/communications thing, it’s an unfortunate necessity of dealing with security issues. I can’t see how that excludes the testing carried out by the Test Suite though?

Kind regards,
Steve
