Date: Wed, 22 Apr 2015 18:14:08 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Re: USBCreator D-Bus service On Wed, Apr 22, 2015 at 05:50:35PM -0700, Tavis Ormandy wrote: > > We treat local root escalation vulnerabilities with a high priority. > > I wish you had spoken up during the previous discussion. It was my > impression that embargoes for local privilege escalations were universally > considered deprecated. Believe me, I would have spoken up had I noticed any concensus forming around that idea in the previous discussions; I don't recall seeing it. Anywhere, here we are, I'm speaking up now. Local root is still important to us. > Embargoes tend to make things worse, see your apport patch developed during > embargo or shellshock for examples. However, if you're sure, I'm willing to > do so for Ubuntu specific bugs in future. I still believe reasonable length embargoes help more than they hurt; the failures are more obvious than the successes. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.