From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner+willy=40w.ods.org-S262715AbVAJVzu@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S262715AbVAJVzu (ORCPT <rfc822;willy@w.ods.org>);
	Mon, 10 Jan 2005 16:55:50 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262709AbVAJVxb
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Mon, 10 Jan 2005 16:53:31 -0500
Received: from lakermmtao04.cox.net ([68.230.240.35]:56554 "EHLO
	lakermmtao04.cox.net") by vger.kernel.org with ESMTP
	id S262701AbVAJVmQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 10 Jan 2005 16:42:16 -0500
Message-ID: <41E2F6B3.9060008@rueb.com>
Date: Mon, 10 Jan 2005 15:42:11 -0600
From: Steve Bergman <steve@rueb.com>
User-Agent: Mozilla Thunderbird 0.9 (X11/20041127)
X-Accept-Language: en-us, en
MIME-Version: 1.0
CC: linux-kernel@vger.kernel.org
Subject: Re: Proper procedure for reporting possible security vulnerabilities?
References: <41E2B181.3060009@rueb.com> <87d5wdhsxo.fsf@deneb.enyo.de>
In-Reply-To: <87d5wdhsxo.fsf@deneb.enyo.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
To: unlisted-recipients:; (no To-header on input)
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Florian Weimer wrote:

>Contact your vendor.  You are using vendor kernels, are you? 8-)
>  
>

Actually I am having a discussion with a Pax Team member about how the 
recent exploits discovered by the grsecurity guys should have been 
handled.  They clam that they sent email to Linus and Andrew and did not 
receive a response for 3 weeks, and that is why they released exploit 
code into the wild.

Anyone here have any comments on what I should tell him?

Thanks,
Steve Bergman