List:       oss-security
Subject:    Re: [oss-security] Over-embargoing
From:       Georgi Guninski <guninski () guninski ! com>
Date:       2014-03-24 12:02:18
Message-ID: 20140324120218.GA2561 () sivokote ! iziade ! m$

If you ask me some large commercial distros suck much.

They pissed me off on several occasions,
broke the social contract and possibly
alienated other people.

FYI yesterday you lost a CMS bug because
of the lousy CVEs. I was playing with
CMS and noticed an ``anomaly'' which
I don't feel like disclosing unless I am
sure it won't get _any_ CVE.


On Mon, Mar 24, 2014 at 10:49:03AM +0100, Florian Weimer wrote:
> At the Debian Security Team meeting <https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html>,
> the topic of over-embargoing at Red Hat was touched briefly.
> 
> During the past year or two, we initiated quite a few embargoes for
> mostly uninteresting bugs (denial of service, huge inputs required,
> obscure software or configuration).  We did this mainly out of
> courtesy for others, but we recognize the overhead an embargo
> causes.  In retrospect, I'm not sure if we always made the right
> choice.  What do you think?
> 
> -- 
> Florian Weimer / Red Hat Product Security Team