[oss-security] Varnish - no CVE == bug regression

Poul-Henning Kamp phk at phk.freebsd.dk
Thu Jul 3 09:42:37 CEST 2014

In message <CAOurorZCjmrrw0MPhca=8+qjLKofrhdHsJuee5_=rCBv87SPbg at mail.gmail.com>, Marek Kroemeke writes:

>I'm not entirely convinced that there is a trust relationship between the
>cache and the backend in every single use case. 

It may not be total trust, but trust there is:  On party delivers
the other partys web-property.

But as I said:  We will fix bugs, but we don't consider them DoS vulns.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list