Date: Mon, 4 Mar 2013 10:12:53 +0800
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow)

On Mon, Mar 04, 2013 at 05:44:38AM +0400, Solar Designer wrote:
> In my opinion, it'd be best if Linus, Greg, et al. would reconsider
> their approach.

Reconsider just what specifically? You bring up a bunch of issues that
the distros need to consider, what can the Linux kernel security team do
differently?

We were asked to notify the linux-distro list, and now we will be doing
that. Should we not and just go back to how things were before?

> Overall, I think we should bite the bullet and accept sko's
> notifications to linux-distros, with a grace period of up to 7 days.
> Whenever a distro is ready to release an update, they should be able to
> insist on doing so within another 1 day, even if the initially planned
> grace period would expire later. Would sko be OK with this? Greg?

Again, I don't think anyone that is part of security@...nel.org minds
about having the issues publicized, after linux-distro has their time to
get things fixed and to their users.

If the linux-distro people care about that, that does not seem to be a
security@...nel.org group issue, right?

totally confused,

greg k-h