Re: Proper procedure for reporting possible security vulnerabilities?

From: Florian Weimer
Date: Tue Jan 11 2005 - 04:39:18 EST


* Barry K. Nathan:

> On Mon, Jan 10, 2005 at 11:08:27PM +0100, Diego Calleja wrote:
>> They could have mailed to *THIS* mailing list, so anyone can make a patch.
>
> And abandon the whole idea of coordinated disclosure?

For local vulnerabilities? Get real.

Most users won't update anyway because they still believe that the
kernel team makes timely security releases, and they are safe as long
as they use the latest kernel.org release. The current process
doesn't protect them.

(I know, they should use vendor kernels instead.)