Hello Antoine,

Nothing really new in those 10 security advisories, I think one thing that 
could be a benefit could be to assign a unique numeric identifier to each 
sec advisory.

As openssh showed this week this could be good to minimize risks of 
regressions by favoring methodic screen of old vulnerabilities at review of 
new changes.

On the security researcher / handler-side, having unique numeric 
identifiers make it also easier to coordinate mitigation patches 
development and deployment.

Best,
Antoine (the other one).

Le mercredi 3 juillet 2024 à 17:36:02 UTC+1, Antoine Poinsot a écrit :

> Hi everyone,
>
> Today we are releasing 10 security advisories for the Bitcoin Core 
> project. Those bugs affect versions of Bitcoin Core before (and not 
> including) 0.21.0.
>
> This is part of the gradual adoption by the project of a new vulnerability 
> disclosure policy.
>
> The policy and the 10 security advisories can be found on the project's 
> website at https://bitcoincore.org/en/security-advisories .
>
> We will follow up later in july to publicly disclose vulnerabilities fixed 
> in version 22.0. And then in august to disclose those fixed in version 
> 23.0, and so on until we run out of old unmaintained versions to disclose 
> vulnerabilities for. The announced policy will then start to be observed 
> for new versions.
>
> Antoine Poinsot
>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/a3a30a30-a28b-4348-a0bd-5a70714997e7n%40googlegroups.com.