Date: Fri, 15 Sep 2017 12:40:06 +0000
From: Ben Seri <ben@...is.com>
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Linux BlueBorne vulnerabilities

I agree. And I wish all vendors had such short time frames for releasing
patches.
Unfortunately this is not the case.

On top of this, it was unclear to us whether the linux-distros mailing list
would be able to coordinate the kernel patch, so we chose to contact both
lists, which required the 7 day embargo period.

In any case, we respect the need for a short embargo period, and in this
case we disclosed the issues 7 days prior to publication.

Ben.

On Fri, Sep 15, 2017 at 3:31 PM Solar Designer <solar@...nwall.com> wrote:

> On Fri, Sep 15, 2017 at 12:28:11PM +0000, Ben Seri wrote:
> > Our thought is that since these issues affect multiple vendors that are
> > using Linux, the longer the embargo period, the better chance there is a
> > coordinated patch goes out to as many users as possible once the embargo
> > is lifted.
>
> Indeed, but it's 2017, not 1997.  14 days is considered a long embargo
> period now.  Unnecessarily long embargoes hurt more than they help.
>
> Alexander
>
