Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 4 Nov 2014 06:28:42 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:)

On Tue, Oct 28, 2014 at 04:47:02PM +0300, Alexander Cherepanov wrote:
> On 2014-10-15 12:30, Solar Designer wrote:
> >- Please don't send fully working exploits (but testcases that exercise
> >the flaw are welcome)
> >
> >FWIW, I've always been tempted to remove the latter guideline,
> 
> Then perhaps just remove it?

Removed.

This removal isn't meant to actively encourage posting of "weaponized"
exploits, but it merely means we don't feel we currently need to include
a guideline on this.  In other words, this guideline was trying to
address a problem we didn't have, and I hope its removal won't create a
problem.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ