Re: Proper procedure for reporting possible security vulnerabilities?

From: Jan Engelhardt
Date: Tue Jan 11 2005 - 12:17:22 EST


>Not everyone agrees that that is the proper way to do things, some prefer
>full disclosure.
>Personally I'd prefer full disclosure on a public mailing list (copying
>vendors, maintainers etc of course), so as many people as possible can get
>to work on a fix as soon as possible. Keeping things secret doesn't speed
>up the time to get a fix made.

But five people working on the same thing aiming to provide a patch (the
very same one, probably) is also no better; work could be saved.



Jan Engelhardt
--
ENOSPC