Re: USBCreator D-Bus service

[Solar Designer <solar () openwall com>]

On Wed, Apr 22, 2015 at 05:09:48PM -0700, Tavis Ormandy wrote:
> On Wed, Apr 22, 2015 at 5:04 PM, Solar Designer <solar () openwall com> wrote:
> > On Wed, Apr 22, 2015 at 04:50:08PM -0700, Tavis Ormandy wrote:
> > > [as-per previous discussion on the vendors list, skipping closed
> > > discussion of low-severity issue]
> >
> > What "vendors list" do you mean?  Do you possibly mean "vendor's" rather
> > than "vendors" - that is, upstream's list?  (I do not recall seeing this
> > on the linux-distros list.)
>
> Actually, I was referring to the discussion on linux-distros about
> apport and abrt.
>
> > Either way, it sounds weird to keep a low severity issue private.  Low
> > severity usually means not needing an embargo in the first place.  But I
> > guess it was the vendor's preference?
>
> Sure, I didn't mention it for the benefit of anyone actually working
> on linux security. I just wanted to be clear this was expected, as
> unfortunately my posts tend to get undesired attention.

Oh, I hope I see what you meant now.  You're saying you're skipping
making this low severity issue closed, and you are instead posting it to
oss-security right away.  I initially read it almost the other way
around, that there's also some other low severity issue that you're not
mentioning on oss-security yet.

Alexander