GitHub incidents spawns Rails security debate
GitHub incidents spawns Rails security debate
Posted Mar 15, 2012 15:07 UTC (Thu) by rqosa (subscriber, #24136)In reply to: GitHub incidents spawns Rails security debate by bronson
Parent article: GitHub incidents spawns Rails security debate
> This bug would never merit a CVE.
Do you mean the Rails default behavior, or the GitHub vulnerability? It seems like the GitHub vulnerability would have merited a CVE — if it weren't for the GitHub software being purely in-house (not distributed outside of GitHub, Inc.), correct?
GitHub incidents spawns Rails security debate
Posted Mar 26, 2012 20:29 UTC (Mon)
by bronson (subscriber, #4806)
[Link]
Posted Mar 26, 2012 20:29 UTC (Mon) by bronson (subscriber, #4806) [Link]
It's true, Github Enterprise Install might merit a CVE. I don't think that the Rails default behavior (documented since 2008?) or Github (as you say, not distributed) would warrant one.
But, while I've done a fair amount of Rails, I'm not the most in touch with CVEs.