Date: Tue, 4 Nov 2014 06:28:42 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) On Tue, Oct 28, 2014 at 04:47:02PM +0300, Alexander Cherepanov wrote: > On 2014-10-15 12:30, Solar Designer wrote: > >- Please don't send fully working exploits (but testcases that exercise > >the flaw are welcome) > > > >FWIW, I've always been tempted to remove the latter guideline, > > Then perhaps just remove it? Removed. This removal isn't meant to actively encourage posting of "weaponized" exploits, but it merely means we don't feel we currently need to include a guideline on this. In other words, this guideline was trying to address a problem we didn't have, and I hope its removal won't create a problem. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ