Date: Fri, 15 Sep 2017 12:40:06 +0000
From: Ben Seri <ben@...is.com>
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Linux BlueBorne vulnerabilities

I agree. And I wish all vendors had such short time frames for releasing
patches. Unfortunately this is not the case.
On top of this, it was unclear to us whether the linux-distros mailing list
would be able to coordinate the kernel patch, so we chose to contact both
lists, which required the 7 day embargo period.
In any case, we respect the need for a short embargo period, and in this
case we disclosed the issues 7 days prior to publication.

Ben.

On Fri, Sep 15, 2017 at 3:31 PM Solar Designer <solar@...nwall.com> wrote:

> On Fri, Sep 15, 2017 at 12:28:11PM +0000, Ben Seri wrote:
> > Our thought is that since these issues affect multi vendors that are using
> > Linux, the longer the embargo period, the better chance there is a
> > coordinated patch goes out to as many users as possible once the embargo is
> > lifted.
>
> Indeed, but it's 2017, not 1997. 14 days is considered a long embargo
> period now. Unnecessarily long embargoes hurt more than they help.
>
> Alexander