Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Apr 2015 19:14:33 -0700
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Re: USBCreator D-Bus service

On Wed, Apr 22, 2015 at 5:54 PM, Solar Designer <solar@...nwall.com> wrote:
> On Wed, Apr 22, 2015 at 05:09:48PM -0700, Tavis Ormandy wrote:
>> On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar@...nwall.com> wrote:
>> > On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote:
>> >> [as-per previous discussion on the vendors list, skipping closed
>> >> discussion of low-severity issue]
>> >
>> > What "vendors list" do you mean?  Do you possibly mean "vendor's" rather
>> > than "vendors" - that is, upstream's list?  (I do not recall seeing this
>> > on the linux-distros list.)
>>
>> Actually, I was referring to the discussion on linux-distros about
>> apport and abrt.
>>
>> > Either way, it sounds weird to keep a low severity issue private.  Low
>> > severity usually means not needing an embargo in the first place.  But I
>> > guess it was the vendor's preference?
>>
>> Sure, I didn't mention it for the benefit of anyone actually working
>> on linux security. I just wanted to be clear this was expected, as
>> unfortunately my posts tend to get undesired attention.
>
> Oh, I hope I see what you meant now.  You're saying you're skipping
> making this low severity issue closed, and you are instead posting it to
> oss-security right away.

Ah, right, this is what I meant.

> I initially read it almost the other way
> around, that there's also some other low severity issue that you're not
> mentioning on oss-security yet.
>
> Alexander

I see, I could have phrased it better! Apologies!

Tavis.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ