Re: Over-embargoing

[Georgi Guninski <guninski () guninski com>]

If you ask me some large commercial distros suck much.

They pissed me off on several occasions,
broke the social contract and possibly
alienated other people.

FYI yesterday you lost a CMS bug because
of the lousy CVEs. I was playing with
CMS and noticed an ``anomaly'' which
I don't feel disclosing unless I am
sure it won't get _any_ CVE.


On Mon, Mar 24, 2014 at 10:49:03AM +0100, Florian Weimer wrote:
> At the Debian Security Team meeting <https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html>,
> the topic over-embargoing at Red Hat was touched briefly.
>
> During the past year or two, we initiated quite a few embargoes for
> mostly uninteresting bugs (denial of service, huge inputs required,
> obscure software or configuration).  We did this mainly out of
> courtesy for others, but we recognize the overhead an embargo
> causes.  In retrospect, I'm not sure if we always made the right
> choice.  What do you think?
>
> -- 
> Florian Weimer / Red Hat Product Security Team