Date: Wed, 22 Apr 2015 18:14:08 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Re: USBCreator D-Bus service On Wed, Apr 22, 2015 at 05:50:35PM -0700, Tavis Ormandy wrote: > > We treat local root escalation vulnerabilities with a high priority. > > I wish you had spoken up during the previous discussion. It was my > impression that embargoes for local privilege escalations were universally > considered deprecated. Believe me, I would have spoken up had I noticed any concensus forming around that idea in the previous discussions; I don't recall seeing it. Anywhere, here we are, I'm speaking up now. Local root is still important to us. > Embargoes tend to make things worse, see your apport patch developed during > embargo or shellshock for examples. However, if you're sure, I'm willing to > do so for Ubuntu specific bugs in future. I still believe reasonable length embargoes help more than they hurt; the failures are more obvious than the successes. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ