oss-sec mailing list archives
Re: How to deal with reporters who don't want their bugs fixed?
From: ludo () gnu org (Ludovic Courtès)
Date: Thu, 18 Jan 2018 18:02:02 +0100
Florian Weimer <fweimer () redhat com> skribis:
Subject says it all: What do you do if you receive a vulnerability report, and the reporter requests an embargo at some time in the future because that's when their paper/conference presentation/patent submission is scheduled?
Perhaps you could publicly state upfront that your project will not accept deadlines put forth by the people who report vulnerabilities (other than making sure to coordinate with the relevant parties)? Ludo’.
Current thread:
- How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Kurt Seifried (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Gynvael Coldwind (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Yves-Alexis Perez (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Matthias Fetzer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Ludovic Courtès (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Rich Felker (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Nicholas Luedtke (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? i (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Greg KH (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Igor Seletskiy (Jan 19)
- Re: How to deal with reporters who don't want their bugs fixed? Tavis Ormandy (Jan 20)
- Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)