DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer:mime-version:content-type:content-transfer-encoding;
        b=f2I/9dKIpCRfdJjpwmPB7CbdJQsiqKB98XcAWWvztjbvJ/l09bvUXGielKKjg0/npgTmFygdQ9laUzWDuKcK+VcWyHh4cHPn9jGaBxuVsSHlh3/7I7oMpWUt+PgJdGIt8XC9mSteMC8cSmhUjdMPQNNqT5mcUAI8VnhKC41vV7I=
Date: Tue, 11 Jan 2005 01:45:51 +0100
From: Diego Calleja <diegocg@gmail.com>
To: "Barry K. Nathan" <barryn@pobox.com>
Cc: steve@rueb.com, linux-kernel@vger.kernel.org
Subject: Re: Proper procedure for reporting possible security
 vulnerabilities?
Message-Id: <20050111014551.7d5254b9.diegocg@gmail.com>
In-Reply-To: <20050111001901.GA4378@ip68-4-98-123.oc.oc.cox.net>
References: <41E2B181.3060009@rueb.com>
	<87d5wdhsxo.fsf@deneb.enyo.de>
	<41E2F6B3.9060008@rueb.com>
	<20050110230827.4d13ae7b.diegocg@gmail.com>
	<20050111001901.GA4378@ip68-4-98-123.oc.oc.cox.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 883
Lines: 18

El Mon, 10 Jan 2005 16:19:01 -0800 "Barry K. Nathan" <barryn@pobox.com> escribi?:

> On Mon, Jan 10, 2005 at 11:08:27PM +0100, Diego Calleja wrote:
> > They could have mailed to *THIS* mailing list, so anyone can make a patch.
> 
> And abandon the whole idea of coordinated disclosure? That would put
> anyone using vendor kernels at a disadvantage (there would be a time gap
> between the vulnerability being public and the vendor kernel being
> released -- which happened anyway with uselib() but which doesn't
> *always* happen).

Yes it wouldn't be "coordinated disclosure" but at least you'd get a patch
instead of a public exploit. 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/