oss-sec mailing list archives

Re: Why send bugs embargoed to distros?


From: Leo Famulari <leo () famulari name>
Date: Mon, 25 Sep 2017 14:06:54 -0400

On Mon, Sep 25, 2017 at 02:52:13PM +0100, Cliff Perry wrote:
> On 23/09/17 12:44, Hanno Böck wrote:
>> b) if people think that they'd usually prepare a fixed package, however
>> they didn't consider optionsbleed important enough. (Naturally I
>> probably have a bias seeing my findings as more important than other
>> people, but I could live with that.)

Guix is not on the distros lists, but sometimes upstream projects
contact us privately with pre-release embargoed bug fixes. We will test
and prepare the updated packages during the embargo period whether or
not we think the bugs warrant an embargo.

> Hi Hanno,
> The detail of your report was good quality and I'm sure appreciated by
> everyone who needed to review it. I know that for Red Hat the
> pre-disclosure was useful.

Agreed, your reports are very useful to us, whether we read them in the
pre-release period, or after they have been disclosed publicly.
