Date: Thu, 14 Apr 2011 10:14:13 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Closed list

On Wed, 13 Apr 2011 19:02:05 -0400 Mike O'Connor wrote:

> Focusing on how you think an update ought to *look* (e.g. should the
> advisories be public?) isn't as important as the update getting
> *out*. Especially since you're dealing with GPL'ed code, I think
> that's something you can measure. Just ask the constituency a month
> or so after some major kernel issue who has released updates/fixes
> and who hasn't, show the relevant source, and take it from there.

Even though it's GPL'ed code, some vendors may not make their sources
publicly available to "random strangers" and rather only restrict them
to their customers. Given the current context of this discussion,
public visibility of their source packages may not be better than the
visibility of their binary packages or "advisories" (whatever form you
expect them to be).

-- 
Tomas Hoger / Red Hat Security Response Team