This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: US-CERT Vulnerability Note VU#162289

From: David Miller <davem at davemloft dot net>
To: crd at cert dot org
Cc: mark at codesourcery dot com, Joe dot Buck at synopsys dot COM, rcs at cert dot org, gcc at gcc dot gnu dot org, cert at cert dot org
Date: Wed, 23 Apr 2008 05:42:28 -0700 (PDT)
Subject: Re: US-CERT Vulnerability Note VU#162289
References: <480F22FA.3020502@cert.org> <20080423.050320.58468179.davem@davemloft.net> <480F2D77.20104@cert.org>

From: Chad Dougherty <crd@cert.org>
Date: Wed, 23 Apr 2008 08:37:11 -0400

> David Miller wrote:
> > How, may I ask, did that policy apply to the GCC "vendor"
> > when this all got started?
> 
> Our own testing of multiple versions of gcc on multiple platforms and 
> subsequent confirmation by Mark that it was intentional, desired 
> behavior.  This all occurred prior to even the initial version of the note.

CERT is asking these vendors for "approval" for the text they will add
mentioning anything about their product.  That's the bit I'm talking
about.

They are getting protection and consideration that was not really
afforded to GCC.

CERT treated GCC differently.

Follow-Ups:
- Re: US-CERT Vulnerability Note VU#162289
  - From: Chad Dougherty

References:
- Re: US-CERT Vulnerability Note VU#162289
  - From: Chad Dougherty
- Re: US-CERT Vulnerability Note VU#162289
  - From: David Miller
- Re: US-CERT Vulnerability Note VU#162289
  - From: Chad Dougherty

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]