oss-sec mailing list archives

Re: ncurses fixes upstream

From: Solar Designer <solar () openwall com>
Date: Sat, 15 Apr 2023 14:31:18 +0200

On Sat, Apr 15, 2023 at 09:33:24AM +0300, Georgi Guninski wrote:

Isn't MicroSoft member of linux distros mailing list [0], which
purpose is exactly quietly trading 0days [1]?

Does the OP with m$ email address realize this?

[0] https://oss-security.openwall.org/wiki/mailing-lists/distros
[1] https://seclists.org/oss-sec/2019/q3/19
Re: linux-distros membership application - Microsoft


The (linux-)distros lists are meant for handling of embargoed issues
prior to their public disclosure and in cases where such private
handling is expected to help.  In this case, the issue was already
semi-public (via the fixes and the NEWS file) and I wouldn't expect
private handling to help more than public does.  Every distro present on
(linux-)distros is supposed to also be present on oss-security.  So in
my opinion Jonathan did the right thing of posting this to oss-security
right away.

Also, in general, choosing whether to post to linux-distros, to distros,
or to oss-security shouldn't be related to whether one is a member of
(linux-)distros or not.  Anyone can report an issue to any of these
lists as appropriate for the given issue and its current status.

Alexander

Current thread:

ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 12)
- Re: ncurses fixes upstream Sam James (Apr 13)
  - Re: ncurses fixes upstream Georgi Guninski (Apr 15)
    - Re: ncurses fixes upstream Solar Designer (Apr 15)
- Re: ncurses fixes upstream alice (Apr 13)
- Re: ncurses fixes upstream Mark Esler (Apr 13)
  - Re: ncurses fixes upstream Tavis Ormandy (Apr 14)
- Re: ncurses fixes upstream Carlos López (Apr 19)
  - RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 19)
    - Re: ncurses fixes upstream Solar Designer (Apr 19)
    - Re: ncurses fixes upstream Tavis Ormandy (Apr 20)
    - Re: ncurses fixes upstream Sevan Janiyan (Apr 21)