Date: Wed, 22 Apr 2015 19:14:33 -0700 From: Tavis Ormandy <taviso@...gle.com> To: oss-security@...ts.openwall.com Subject: Re: USBCreator D-Bus service On Wed, Apr 22, 2015 at 5:54 PM, Solar Designer <solar@...nwall.com> wrote: > On Wed, Apr 22, 2015 at 05:09:48PM -0700, Tavis Ormandy wrote: >> On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar@...nwall.com> wrote: >> > On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote: >> >> [as-per previous discussion on the vendors list, skipping closed >> >> discussion of low-severity issue] >> > >> > What "vendors list" do you mean? Do you possibly mean "vendor's" rather >> > than "vendors" - that is, upstream's list? (I do not recall seeing this >> > on the linux-distros list.) >> >> Actually, I was referring to the discussion on linux-distros about >> apport and abrt. >> >> > Either way, it sounds weird to keep a low severity issue private. Low >> > severity usually means not needing an embargo in the first place. But I >> > guess it was the vendor's preference? >> >> Sure, I didn't mention it for the benefit of anyone actually working >> on linux security. I just wanted to be clear this was expected, as >> unfortunately my posts tend to get undesired attention. > > Oh, I hope I see what you meant now. You're saying you're skipping > making this low severity issue closed, and you are instead posting it to > oss-security right away. Ah, right, this is what I meant. > I initially read it almost the other way > around, that there's also some other low severity issue that you're not > mentioning on oss-security yet. > > Alexander I see, I could have phrased it better! Apologies! Tavis.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ