oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to deal with reporters who don't want their bugs fixed?

From: Igor Seletskiy <i () cloudlinux com>
Date: Fri, 19 Jan 2018 06:04:11 -0800
Hi Greg,

I am sure you are right, as you were in the epicenter of it and saw things
happening. More than that -- I am really thankful to a group of people who
worked on fixing it for months to get us where we are. Don't get me wrong -
in no way, I am blaming anyone.

Yet, KAISER patch & especially patch from AMD to the mailing list created a
lot of rumors, that I believe forced earlier disclosure -- because things
got into 'semi-public' state.
I might be wrong, I don't have all the info, and I am sure that people who
were at the center of it have a better understanding of what & why happened.


Regards,
Igor Seletskiy |  CEO
CloudLinux OS <https://cloudlinux.com/cloudlinuxos>   |   KernelCare
<https://www.cloudlinux.com/kernelcare>   |   Imunify360
<http://imunify360.com/>

Get 24/7 free, exceptionally good support at cloudlinux.zendesk.com
Follow us on twitter for technical updates: @CloudLinuxOS
<https://twitter.com/cloudlinuxos>

On Fri, Jan 19, 2018 at 5:58 AM, Greg KH <greg () kroah com> wrote:


On Fri, Jan 19, 2018 at 05:22:58AM -0800, i () cloudlinux com wrote:

We have seen "semi-public" with Meltdown -- I think it was dreadful. I
would prefer private to "semi-public" any day.


Meltdown was not semi-public, it was private and siloed and a whole
bunch of other horrible things.  If it were semi-public, we would have
had it fixed sooner :)

And yes, a number of us involved are probably going to be writing up a
post-mortum of that whole horrid affair, feel free to let me know if
anyone wants to help out with it.  I think it's a great example of what
not to ever do in the future...

thanks,

greg k-h
Previous By Date Next
Previous By Thread Next

Current thread: