On Fri, May 25, 2012 at 02:27:19PM -0000, Brian Murray wrote:
> I think it makes more sense to white list what we actually want to
> prevent issues like this in the future. I mean if we add code to
> update-manager to write another log file that ends up containing
> sensitive information we could end up with another CVE like this.
Yes, agreed on a whitelist approach, that makes more sense actually.
On Fri, May 25, 2012 at 02:27:19PM -0000, Brian Murray wrote:
> I think it makes more sense to white list what we actually want to
> prevent issues like this in the future. I mean if we add code to
> update-manager to write another log file that ends up containing
> sensitive information we could end up with another CVE like this.
Yes, agreed on a whitelist approach, that makes more sense actually.
Cheers,
Michael