Conversation
robrwo
left a comment
robrwo
left a comment
There was a problem hiding this comment.
Looks good. I've made some suggestions.
| While CVEs are often specific to a single distribution, this year featured a unique coordination effort. | ||
| Three different JSON modules shared the same vulnerability, resulting in three separate CVEs. | ||
| The maintainers involved were highly responsive, allowing the CNA to coordinate the simultaneous release of the CVEs and patched versions within a short window. | ||
| We would like to thank these maintainers for their patience and diligence. |
There was a problem hiding this comment.
Perhaps mention them by name?
There was a problem hiding this comment.
I for one think this would be nice, though last year I think we chose not to mention contributors by name i the text, didn't we? (I might be misremembering)
There was a problem hiding this comment.
We had a list of CPANSec contributors. Not CPAN maintainers.
There was a problem hiding this comment.
In this case it was three CPAN maintainers for the JSON modules. I am fine either way I can mention them no problem by CPAN ID?
|
Last year, we had a section about TLS in core. I think it would be good to say at least something on this also this year. @Leont, would you mind sharing a paragraph with us, so we may add it? 😸 |
|
Merged into main, so we can get this done before FOSDEM. If @Leont wants to share some info on TLS-in-core, we can add this, and so with the CPAN module authors. |
7 participants
Based on the content everyone added to the cryptpad document