Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Apr 2015 03:54:34 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: USBCreator D-Bus service

On Wed, Apr 22, 2015 at 05:09:48PM -0700, Tavis Ormandy wrote:
> On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar@...nwall.com> wrote:
> > On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote:
> >> [as-per previous discussion on the vendors list, skipping closed
> >> discussion of low-severity issue]
> >
> > What "vendors list" do you mean?  Do you possibly mean "vendor's" rather
> > than "vendors" - that is, upstream's list?  (I do not recall seeing this
> > on the linux-distros list.)
> 
> Actually, I was referring to the discussion on linux-distros about
> apport and abrt.
> 
> > Either way, it sounds weird to keep a low severity issue private.  Low
> > severity usually means not needing an embargo in the first place.  But I
> > guess it was the vendor's preference?
> 
> Sure, I didn't mention it for the benefit of anyone actually working
> on linux security. I just wanted to be clear this was expected, as
> unfortunately my posts tend to get undesired attention.

Oh, I hope I see what you meant now.  You're saying you're skipping
making this low severity issue closed, and you are instead posting it to
oss-security right away.  I initially read it almost the other way
around, that there's also some other low severity issue that you're not
mentioning on oss-security yet.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ