Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Fixed initialisation of sizeof_ssl_backend_data #2083
I think that the change that removes the
+ is good, but needs a much better commit message to be convincing. I am fairly certain that the second commit is unnecessary.
This was referenced
Nov 16, 2017
referenced this pull request
Nov 17, 2017
As mentioned in documentation:
Is that an unclear description?
@bagder Think it is clear. Nice that you know where to look to this description. Hope others will read documentation too and will not blame me about short commit descriptions.
@bagder So, what's the decision for bug qualification? Is it security bug or not? Should I publish more information about it?
@Karlson2k for security sensitive bugs, nothing should be posted about it in public (until the publication date) so that we don't risk hurt existing users unnecessarily. So as long as a bug is considered a security issue, it should not be posted on github and there should be no public PR about it. Explained in our security development process document.
PRs that aren't security issues should have as good commit messages as possible. They should therefor never be shortened or held back for security reasons, since if they were security sensitive they shouldn't be public in the first place!