Re: The New Security Build Infrastructure

Gergely Nagy wrote:

> > I disagree with t=1, t=1 should be "researcher releases PUBLIC advisory"
> > in my opinion.
> So users can flame all distributions for not having a fix available for
> a known vulnerability? And especially Debian, because as previously said,
> with 11 architectures, it will come out dead last?
> I'd be very pissed if that would be how things work, as I do not want to
> let every bugtraq reader try the published exploit BEFORE there is a fix
> available.
So in other words, you'd rather they all had their machines vulnerable
to potential hackers for a period of time?

As a user, I'd rather know about the exploit at t=1, so I can decide
whether to shut down that service or not until my software provider of
choice have provided updated software.

Scott James Remnant     Have you ever, ever felt like this?  Had strange
http://netsplit.com/      things happen?  Are you going round the twist?
