再保险:[CVEPRI] 3月9至10编委会会议总结

基因一定是偷听我们的会议。我们还考虑ICQ,永久测试版。我们基本上同意仅beta状态不是一个理由排除CVE的事情。包含的主要标准包括生命的长度和广度都的可用性。这并不意味着我们必须包括每一个安全漏洞在短暂的“真正”的测试。希望这清除。安迪- - - - - -原始邮件- - - - - -:清单< spaf@CERIAS.PURDUE。莫尼耶EDU >:帕斯卡< pmeunier@PURDUE。EDU > Cc: < cve-editorial-board-list@lists.mitre.org >发送:3月14日,星期二,2000年14日主题:Re: [CVEPRI] 3月9至10编委会会议总结>上午09:09 3/14/00,帕斯卡贝写道:> > >董事会还回顾了CD: EX-BETA。与会者一致认为,CVE > > >应该包括测试软件中存在的问题,提供了测试代码> > >用于公共传播。> > > >我错过了这部分。 I would like to know why people think that bugs > >in admittedly buggy, pre-release, short-lived software run by a few > >people (on hopefully sandboxed or somehow protected or unimportant > >systems) should be of concern to the CVE. > > Unfortunately, the definition of "beta" that you used is not the one used > by most vendors any more (except the buggy part). Most vendors now > release traditionally-alpha code onto the net or in other widespread > release and lots of people adopt it. Mozilla and Windows 2000 are examples > of long-lived, widesprad releases of "beta" code. > > --spaf >