oss-sec mailing list archives
Re: Why send bugs embargoed to distros?
From: Leo Famulari <leo () famulari name>
Date: Mon, 25 Sep 2017 14:06:54 -0400
On Mon, Sep 25, 2017 at 02:52:13PM +0100, Cliff Perry wrote:
On 23/09/17 12:44, Hanno Böck wrote:b) if people think that they'd usually prepare a fixed package, however they didn't consider optionsbleed important enough. (Naturally I probably have a bias seeing my findings as more important as other people, but I could live with that.)
Guix is not on the distros lists, but sometimes upstream projects contact us privately with pre-release embargoed bug fixes. We will test and prepare the updated packages during the embargo period whether or not we thing the bugs warrant an embargo.
Hi Hanno, The detail of your report was good quality and I'm sure appreciated by everyone who needed to review it. I know that for Red Hat the pre-disclosure was useful.
Agreed, your reports are very useful to us, whether we read them in the pre-release period, or after they have been disclosed publicly.
Attachment:
signature.asc
Description:
Current thread:
- Re: Why send bugs embargoed to distros?, (continued)
- Re: Why send bugs embargoed to distros? Anthony Liguori (Sep 23)
- Re: Why send bugs embargoed to distros? Simon McVittie (Sep 23)
- Re: Why send bugs embargoed to distros? Marc Deslauriers (Sep 23)
- Re: Why send bugs embargoed to distros? Kurt H Maier (Sep 23)
- Re: Why send bugs embargoed to distros? Till Dörges (Sep 23)
- Re: Why send bugs embargoed to distros? Marcus Meissner (Sep 23)
- Re: Why send bugs embargoed to distros? Ludovic Courtès (Sep 24)
- Re: Why send bugs embargoed to distros? Igor Seletskiy (Sep 24)
- Re: Why send bugs embargoed to distros? John Haxby (Sep 25)
- Re: Why send bugs embargoed to distros? Cliff Perry (Sep 25)
- Re: Why send bugs embargoed to distros? Leo Famulari (Sep 25)