Date: Thu, 03 Jul 2014 07:42:37 +0000 From: "Poul-Henning Kamp" <phk@....freebsd.dk> To: Marek Kroemeke <kroemeke@...il.com> cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com, varnish-misc@...nish-cache.org Subject: Re: Varnish - no CVE == bug regression In message <CAOurorZCjmrrw0MPhca=8+qjLKofrhdHsJuee5_=rCBv87SPbg@...l.gmail.com>, Marek Kroemeke writes: >I'm not entirely convinced that there is a trust relationship between the >cache and the backend in every single use case. It may not be total trust, but trust there is: On party delivers the other partys web-property. But as I said: We will fix bugs, but we don't consider them DoS vulns. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@...eBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.