Date: Fri, 19 Jan 2018 06:04:11 -0800 From: Igor Seletskiy <i@...udlinux.com> To: oss-security@...ts.openwall.com Subject: Re: How to deal with reporters who don't want their bugs fixed? Hi Greg, I am sure you are right, as you were in the epicenter of it and saw things happening. More than that -- I am really thankful to a group of people who worked on fixing it for months to get us where we are. Don't get me wrong - in no way, I am blaming anyone. Yet, KAISER patch & especially patch from AMD to the mailing list created a lot of rumors, that I believe forced earlier disclosure -- because things got into 'semi-public' state. I might be wrong, I don't have all the info, and I am sure that people who were at the center of it have a better understanding of what & why happened. Regards, Igor Seletskiy | CEO CloudLinux OS <https://cloudlinux.com/cloudlinuxos> | KernelCare <https://www.cloudlinux.com/kernelcare> | Imunify360 <http://imunify360.com/> Get 24/7 free, exceptionally good support at cloudlinux.zendesk.com Follow us on twitter for technical updates: @CloudLinuxOS <https://twitter.com/cloudlinuxos> On Fri, Jan 19, 2018 at 5:58 AM, Greg KH <greg@...ah.com> wrote: > On Fri, Jan 19, 2018 at 05:22:58AM -0800, i@...udlinux.com wrote: > > We have seen "semi-public" with Meltdown -- I think it was dreadful. I > > would prefer private to "semi-public" any day. > > Meltdown was not semi-public, it was private and siloed and a whole > bunch of other horrible things. If it were semi-public, we would have > had it fixed sooner :) > > And yes, a number of us involved are probably going to be writing up a > post-mortum of that whole horrid affair, feel free to let me know if > anyone wants to help out with it. I think it's a great example of what > not to ever do in the future... > > thanks, > > greg k-h >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ