Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Jan 2018 06:04:11 -0800
From: Igor Seletskiy <i@...udlinux.com>
To: oss-security@...ts.openwall.com
Subject: Re: How to deal with reporters who don't want their
 bugs fixed?

Hi Greg,

I am sure you are right, as you were in the epicenter of it and saw things
happening. More than that -- I am really thankful to a group of people who
worked on fixing it for months to get us where we are. Don't get me wrong -
in no way, I am blaming anyone.

Yet, KAISER patch & especially patch from AMD to the mailing list created a
lot of rumors, that I believe forced earlier disclosure -- because things
got into 'semi-public' state.
I might be wrong, I don't have all the info, and I am sure that people who
were at the center of it have a better understanding of what & why happened.


Regards,
Igor Seletskiy |  CEO
CloudLinux OS <https://cloudlinux.com/cloudlinuxos>   |   KernelCare
<https://www.cloudlinux.com/kernelcare>   |   Imunify360
<http://imunify360.com/>

Get 24/7 free, exceptionally good support at cloudlinux.zendesk.com
Follow us on twitter for technical updates: @CloudLinuxOS
<https://twitter.com/cloudlinuxos>

On Fri, Jan 19, 2018 at 5:58 AM, Greg KH <greg@...ah.com> wrote:

> On Fri, Jan 19, 2018 at 05:22:58AM -0800, i@...udlinux.com wrote:
> > We have seen "semi-public" with Meltdown -- I think it was dreadful. I
> > would prefer private to "semi-public" any day.
>
> Meltdown was not semi-public, it was private and siloed and a whole
> bunch of other horrible things.  If it were semi-public, we would have
> had it fixed sooner :)
>
> And yes, a number of us involved are probably going to be writing up a
> post-mortum of that whole horrid affair, feel free to let me know if
> anyone wants to help out with it.  I think it's a great example of what
> not to ever do in the future...
>
> thanks,
>
> greg k-h
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ