[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: [oss-security] accepting new members to (linux-)distros lists
|
From: |
Leo Famulari |
|
Subject: |
Re: FW: [oss-security] accepting new members to (linux-)distros lists |
|
Date: |
Fri, 7 Jul 2017 15:18:40 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Thu, Jun 29, 2017 at 12:48:22PM +0800, Alex Vong wrote:
> Leo Famulari <address@hidden> writes:
>
> [...]
> > But, the "Stack Clash" issues took us by surprise and we spent a few
> > days writing and testing our fixes. We are committed to supporting
> > 32-bit platforms where these bugs are apparently easy to exploit.
> > Without access to the exploits or detailed discussion, it was very
> > difficult to know if our fixes actually worked. So, we could have
> > responded more quickly and effectively with early notice.
> [...]
>
> Should we bring this discussion to nix devs as well? I am sure they are
> facing the same issue of not having early access to vulnerabilities. It
> will be insightful to know how they dealt with it in the past and their
> opinions on joining the list.
If somebody who has a relationship with the Nix team would like to
discuss it with them, I'd be happy to hear the result, but I don't
really have time for it right now. Also, we would not be able to discuss
embargoed bugs from linux-distros with them, according to the list
policy.
Besides, I think our present situation and practices regarding security
updates is very different from Nix's. They have different tools for
shipping security updates, and they do the "stable" branch thing.
signature.asc
Description: PGP signature
- Re: FW: [oss-security] accepting new members to (linux-)distros lists,
Leo Famulari <=