Re: Proper procedure for reporting possible security vulnerabilities?

From: Barry K. Nathan
Date: Mon Jan 10 2005 - 19:35:53 EST


On Mon, Jan 10, 2005 at 11:08:27PM +0100, Diego Calleja wrote:
> They could have mailed to *THIS* mailing list, so anyone can make a patch.

And abandon the whole idea of coordinated disclosure? That would put
anyone using vendor kernels at a disadvantage (there would be a time gap
between the vulnerability being public and the vendor kernel being
released -- which happened anyway with uselib() but which doesn't
*always* happen).

-Barry K. Nathan <barryn@xxxxxxxxx>