Re: DSA 438 - bad server time, bad kernel version or information delayed?

[Michael Stone <mstone@debian.org>]

On Fri, Feb 20, 2004 at 02:34:37PM +0100, Adrian von Bidder wrote:
> In other cases, that entity discloses informatin only to a select few parties, 
> amongst them the non-CERT Debian security team. This is the one case where 
> that scheme does make a difference. Has this ever happened in the past?

This has nothing to do with CERT, that's a red herring. There is *no*
case where this reorganization would make a difference because a
security problem that is public (e.g., reported independently by someone
outside the original disclosure chain) will be immediately published
regardless of whatever the original reporter's plans were.

Mike Stone