Re: How to deal with reporters who don't want their bugs fixed?

[ludo () gnu org (Ludovic Courtès)]

Florian Weimer <fweimer () redhat com> skribis:

> Subject says it all: What do you do if you receive a vulnerability
> report, and the reporter requests an embargo at some time in the
> future because that's when their paper/conference presentation/patent
> submission is scheduled?

Perhaps you could publicly state upfront that your project will not
accept deadlines put forth by the people who report vulnerabilities
(other than making sure to coordinate with the relevant parties)?

Ludo’.