Re: libssh security announcements

[Rolf Eike Beer <eb@xxxxxxxxx>]

Rolf Eike Beer wrote:
> On Mittwoch, 24. September 2025 16:03:38 Mitteleuropäische Sommerzeit Jakub
> 
> Jelen wrote:
> > Hi Rolf,
> 
> Hi Jakub,
> 
> > Right now, all the advisories are based on the following template we have
> > in our security process. But other people might follow it differently at
> > times (or even same people at different times):
> > 
> > https://www.libssh.org/development/security-process/
> 
> yes, I already found that one.
> 
> > I agree that the version field is quite important so I would agree that
> > having this field in some fixed format would help. So the simplest thing I
> > can think of would be adjusting the template to help us make it more
> > predictable with something like:
> > 
> > == Versions:    libssh >= X.Y.Z;  < A.B.C
> 
> That would be fine with me, just being consistent would be nice. I think you
> should define in advance how to write down something like "everything since
> 0.6 up to 0.8.2 and 0.9.1", just because this will end up being written
> down differently if you don't, i.e. if you just want to have this as
> multiple lines of the same format, or multiple "< x" clauses, or …

Would you accept a patch to bring up all existing advisories to that format?

Regards,

Eike
-- 
Rolf Eike Beer

emlix GmbH
Headquarters: Berliner Str. 12, 37073 Göttingen, Germany
Phone +49 (0)551 30664-0, e-mail info@xxxxxxxxx
District Court of Göttingen, Registry Number HR B 3160
Managing Directors: Heike Jordan, Dr. Uwe Kracke
VAT ID No. DE 205 198 055
Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
Office Bonn: Bachstr. 6, 53115 Bonn, Germany
http://www.emlix.com

emlix - your embedded Linux partner

Attachment: signature.asc
Description: This is a digitally signed message part.