Date: Thu, 23 Apr 2015 03:54:34 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: USBCreator D-Bus service On Wed, Apr 22, 2015 at 05:09:48PM -0700, Tavis Ormandy wrote: > On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar@...nwall.com> wrote: > > On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote: > >> [as-per previous discussion on the vendors list, skipping closed > >> discussion of low-severity issue] > > > > What "vendors list" do you mean? Do you possibly mean "vendor's" rather > > than "vendors" - that is, upstream's list? (I do not recall seeing this > > on the linux-distros list.) > > Actually, I was referring to the discussion on linux-distros about > apport and abrt. > > > Either way, it sounds weird to keep a low severity issue private. Low > > severity usually means not needing an embargo in the first place. But I > > guess it was the vendor's preference? > > Sure, I didn't mention it for the benefit of anyone actually working > on linux security. I just wanted to be clear this was expected, as > unfortunately my posts tend to get undesired attention. Oh, I hope I see what you meant now. You're saying you're skipping making this low severity issue closed, and you are instead posting it to oss-security right away. I initially read it almost the other way around, that there's also some other low severity issue that you're not mentioning on oss-security yet. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ