oss-sec mailing list archives
Re: Closed list
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 14 Apr 2011 10:14:13 +0200
On Wed, 13 Apr 2011 19:02:05 -0400 Mike O'Connor wrote:
> Focusing on how you think an update ought to *look* (e.g. should the advisories be public?) isn't as important as the update getting *out*. Especially since you're dealing with GPL'ed code, I think that's something you can measure. Just ask the constituency a month or so after some major kernel issue who has released updates/fixes and who hasn't, show the relevant source, and take it from there.
Even though it's GPL'ed code, some vendors may not make their sources publicly available to "random strangers" and rather only restrict them to their customers. Given the current context of this discussion, public visibility of their source packages may not be better than the visibility of their binary packages or "advisories" (whatever form you expect them to be).

--
Tomas Hoger / Red Hat Security Response Team