oss-sec mailing list archives
Re: (linux-)distros list use statistics
From: Solar Designer <solar () openwall com>
Date: Mon, 13 Nov 2017 22:22:11 +0100
On Mon, Nov 13, 2017 at 08:38:59PM +0100, Kristian Fiskerstrand wrote:
On 11/13/2017 08:33 PM, Solar Designer wrote:This lists two very long embargo periods for two Linux kernel issues: 96 days for CVE-2017-7533 and 28 days for CVE-2017-1000255. While this is useful info, it does not reflect (linux-)distros' lists performance as it includes embargo periods from prior to disclosure to those lists. Also, we can't reliably know of such prior embargo periods, so our data would be inconsistent, which is especially bad for calculating averages.It is calculated from first report on distros list,
Oh, I must have guessed wrong. I thought the long embargo periods were correct and assumed that was because of inclusion of pre-distros time, but according to what you're saying these are just two errors.
that said, for CVE-2017-1000255 there was some missing data for first publication (it is public through https://access.redhat.com/security/cve/CVE-2017-1000255 and http://www.securityfocus.com/bid/101264 since 9th), so the publication time is 5.97 days (although not for oss-security posting).
Your statistics appear to suggest that it was public on oss-security exactly 22 days later, but actually it was public on oss-security at most a day later with: http://www.openwall.com/lists/oss-security/2017/10/10/3 I guess you'll correct this. If you ever notice an embargo period exceeding 14 days, please investigate and either correct whatever error you might have or sound the alarm. This shouldn't be happening. Thanks! On Mon, Nov 13, 2017 at 08:42:49PM +0100, Kristian Fiskerstrand wrote:
Page created: http://oss-security.openwall.org/wiki/mailing-lists/distros/stats
Thank you! This currently shows some fields as empty, including but not only for CVE-2017-1000255, where I think you could add the missing info easily. Please do. Meanwhile, I've added a link from: http://oss-security.openwall.org/wiki/mailing-lists/distros#list-usage-statistics Alexander
Current thread:
- (linux-)distros list use statistics Solar Designer (Nov 13)
- Re: (linux-)distros list use statistics Anthony Liguori (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Solar Designer (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Solar Designer (Nov 13)
- Re: (linux-)distros list use statistics Solar Designer (Nov 13)