List: oss-security
Subject: Re: [oss-security] Over-embargoing
From: Georgi Guninski <guninski () guninski ! com>
Date: 2014-03-24 12:02:18
Message-ID: 20140324120218.GA2561 () sivokote ! iziade ! m$
If you ask me, some large commercial distros suck much.
They pissed me off on several occasions,
broke the social contract and possibly
alienated other people.
FYI yesterday you lost a CMS bug because
of the lousy CVEs. I was playing with
CMS and noticed an ``anomaly'' which
I don't feel like disclosing unless I am
sure it won't get _any_ CVE.
On Mon, Mar 24, 2014 at 10:49:03AM +0100, Florian Weimer wrote:
> At the Debian Security Team meeting <https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html>,
> the topic of over-embargoing at Red Hat was touched briefly.
>
> During the past year or two, we initiated quite a few embargoes for
> mostly uninteresting bugs (denial of service, huge inputs required,
> obscure software or configuration). We did this mainly out of
> courtesy for others, but we recognize the overhead an embargo
> causes. In retrospect, I'm not sure if we always made the right
> choice. What do you think?
>
> --
> Florian Weimer / Red Hat Product Security Team