Re: Proper procedure for reporting possible security vulnerabilities?

From: Jesper Juhl
Date: Tue Jan 11 2005 - 12:01:55 EST


On Mon, 10 Jan 2005, Barry K. Nathan wrote:

> On Mon, Jan 10, 2005 at 11:08:27PM +0100, Diego Calleja wrote:
> > They could have mailed to *THIS* mailing list, so anyone can make a patch.
>
> And abandon the whole idea of coordinated disclosure? That would put

Not everyone agrees that that is the proper way to do things; some prefer
full disclosure.
Personally I'd prefer full disclosure on a public mailing list (copying
vendors, maintainers, etc. of course), so as many people as possible can get
to work on a fix as soon as possible. Keeping things secret doesn't speed
up the time to get a fix made.

--
Jesper Juhl
