Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262854AbVAKRKP (ORCPT ); Tue, 11 Jan 2005 12:10:15 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262843AbVAKRHs (ORCPT ); Tue, 11 Jan 2005 12:07:48 -0500 Received: from linux01.gwdg.de ([134.76.13.21]:64131 "EHLO linux01.gwdg.de") by vger.kernel.org with ESMTP id S262831AbVAKRF7 (ORCPT ); Tue, 11 Jan 2005 12:05:59 -0500 Date: Tue, 11 Jan 2005 18:05:54 +0100 (MET) From: Jan Engelhardt cc: linux-kernel@vger.kernel.org Subject: Re: Proper procedure for reporting possible security vulnerabilities? In-Reply-To: Message-ID: References: <41E2B181.3060009@rueb.com> <87d5wdhsxo.fsf@deneb.enyo.de> <41E2F6B3.9060008@rueb.com> <20050110230827.4d13ae7b.diegocg@gmail.com> <20050111001901.GA4378@ip68-4-98-123.oc.oc.cox.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII To: unlisted-recipients:; (no To-header on input) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 766 Lines: 20 >Not everyone agrees that that is the proper way to do things, some prefer >full disclosure. >Personally I'd prefer full disclosure on a public mailing list (copying >vendors, maintainers etc of course), so as many people as possible can get >to work on a fix as soon as possible. Keeping things secret doesn't speed >up the time to get a fix made. But five people working on the same thing aiming to provide a patch (the very same one, probably) is also no better; work could be saved. Jan Engelhardt -- ENOSPC - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/