Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Jan 2018 06:04:11 -0800
From: Igor Seletskiy <i@...udlinux.com>
To: oss-security@...ts.openwall.com
Subject: Re: How to deal with reporters who don't want their
 bugs fixed?

Hi Greg,

I am sure you are right, as you were in the epicenter of it and saw things
happening. More than that -- I am really thankful to a group of people who
worked on fixing it for months to get us where we are. Don't get me wrong -
in no way, I am blaming anyone.

Yet, KAISER patch & especially patch from AMD to the mailing list created a
lot of rumors, that I believe forced earlier disclosure -- because things
got into 'semi-public' state.
I might be wrong, I don't have all the info, and I am sure that people who
were at the center of it have a better understanding of what & why happened.


Regards,
Igor Seletskiy |  CEO
CloudLinux OS <https://cloudlinux.com/cloudlinuxos>   |   KernelCare
<https://www.cloudlinux.com/kernelcare>   |   Imunify360
<http://imunify360.com/>

Get 24/7 free, exceptionally good support at cloudlinux.zendesk.com
Follow us on twitter for technical updates: @CloudLinuxOS
<https://twitter.com/cloudlinuxos>

On Fri, Jan 19, 2018 at 5:58 AM, Greg KH <greg@...ah.com> wrote:

> On Fri, Jan 19, 2018 at 05:22:58AM -0800, i@...udlinux.com wrote:
> > We have seen "semi-public" with Meltdown -- I think it was dreadful. I
> > would prefer private to "semi-public" any day.
>
> Meltdown was not semi-public, it was private and siloed and a whole
> bunch of other horrible things.  If it were semi-public, we would have
> had it fixed sooner :)
>
> And yes, a number of us involved are probably going to be writing up a
> post-mortum of that whole horrid affair, feel free to let me know if
> anyone wants to help out with it.  I think it's a great example of what
> not to ever do in the future...
>
> thanks,
>
> greg k-h
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.