oss-sec mailing list archives

Re: How to deal with reporters who don't want their bugs fixed?

From: Tavis Ormandy <taviso () google com>
Date: Sat, 20 Jan 2018 10:57:27 -0800

On Fri, Jan 19, 2018 at 6:04 AM, Igor Seletskiy <i () cloudlinux com> wrote:

Hi Greg,

I am sure you are right, as you were in the epicenter of it and saw things
happening. More than that -- I am really thankful to a group of people who
worked on fixing it for months to get us where we are. Don't get me wrong -
in no way, I am blaming anyone.

Yet, KAISER patch & especially patch from AMD to the mailing list created a
lot of rumors, that I believe forced earlier disclosure -- because things
got into 'semi-public' state.
I might be wrong, I don't have all the info, and I am sure that people who
were at the center of it have a better understanding of what & why happened.


A better example would be shellshock, a patch was developed in private
under embargo, but as soon as the details were public it was obvious
the patch was incomplete. When it was finally public, we were able to
analyze the problem and develop a real solution - the embargo did
nothing but needlessly delay that process.

Tavis.

Current thread:

Re: How to deal with reporters who don't want their bugs fixed?, (continued)
- - - Re: How to deal with reporters who don't want their bugs fixed? Yves-Alexis Perez (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Ludovic Courtès (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Rich Felker (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
  - Re: How to deal with reporters who don't want their bugs fixed? Luedtke, Nicholas (Cyber Security) (Jan 18)
    - Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 18)
    - Re: How to deal with reporters who don't want their bugs fixed? Nicholas Luedtke (Jan 19)
    - Re: How to deal with reporters who don't want their bugs fixed? i (Jan 19)
    - Re: How to deal with reporters who don't want their bugs fixed? Greg KH (Jan 19)
    - Re: How to deal with reporters who don't want their bugs fixed? Igor Seletskiy (Jan 19)
    - Re: How to deal with reporters who don't want their bugs fixed? Tavis Ormandy (Jan 20)
  - Re: How to deal with reporters who don't want their bugs fixed? Florian Weimer (Jan 20)
    - Re: How to deal with reporters who don't want their bugs fixed? r . hering (Jan 22)
    - Re: How to deal with reporters who don't want their bugs fixed? Mikhail Utin (Jan 22)
    - Re: How to deal with reporters who don't want their bugs fixed? Ian Zimmerman (Jan 22)
    - Re: Re: How to deal with reporters who don't want their bugs fixed? Tristan Henning (Jan 22)
    - Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)
- Re: How to deal with reporters who don't want their bugs fixed? Michael Orlitzky (Jan 18)
- Re: How to deal with reporters who don't want their bugs fixed? Mike O'Connor (Jan 23)
  - Re: How to deal with reporters who don't want their bugs fixed? Stiepan (Jan 26)
    - Re: How to deal with reporters who don't want their bugs fixed? Solar Designer (Jan 26)

(Thread continues...)