Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Apr 2015 17:09:48 -0700
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Re: USBCreator D-Bus service

On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar@...nwall.com> wrote:
> Hi Tavis,
>
> On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote:
>> [as-per previous discussion on the vendors list, skipping closed
>> discussion of low-severity issue]
>
> What "vendors list" do you mean?  Do you possibly mean "vendor's" rather
> than "vendors" - that is, upstream's list?  (I do not recall seeing this
> on the linux-distros list.)

Actually, I was referring to the discussion on linux-distros about
apport and abrt.

> Either way, it sounds weird to keep a low severity issue private.  Low
> severity usually means not needing an embargo in the first place.  But I
> guess it was the vendor's preference?

Sure, I didn't mention it for the benefit of anyone actually working
on linux security. I just wanted to be clear this was expected, as
unfortunately my posts tend to get undesired attention.

Tavis.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ