From: Jesper Juhl <email@example.com> To: Chris Wright <firstname.lastname@example.org> Cc: Jesper Juhl <email@example.com>, Alan Cox <firstname.lastname@example.org>, Steve Bergman <email@example.com>, Linux Kernel Mailing List <firstname.lastname@example.org>, email@example.com Subject: Re: Proper procedure for reporting possible security vulnerabilities? Date: Wed, 12 Jan 2005 22:05:36 +0100 (CET) [thread overview] Message-ID: <Pine.LNX.firstname.lastname@example.org> (raw) In-Reply-To: <20050111132905.N10567@build.pdx.osdl.net> On Tue, 11 Jan 2005, Chris Wright wrote: > * Jesper Juhl (email@example.com) wrote: > > > > This thread got started by a question about how to go about informing > > people about security vulnerabilities so I think we should erhaps try to > > provide some sensible information about how to go about that that can be > > useful to people no matter what "disclosure camp" the agree with. How > > about something like what I've written below as an addition to > > REPORTING-BUGS or as a seperate REPORTING-SECURITY-BUGS document ? > > Let's just bite the bullet... > No value in providing some info on what's the apreciated behaviour for both the coordinated disclosure and full disclosure people of the world? Both camps are going to continue to exist, and if you only provide information on the prefered aproach for coordinated disclosure then you have even less influence on how the full disclosure camp will spread the info - if you provide some info for them as well, at least some are going to follow it and then more of the proper kernel people will get notified at once instead of finding out later via other channels. I still think adding something along the lines of what I wrote to REPORTING-BUGS has merrit. -- Jesper Juhl PS. Linus, adding you to CC since you're involved in the new thread on more or less the same topic, so I thought you might be interrested in this thread as well.
next prev parent reply other threads:[~2005-01-13 1:34 UTC|newest] Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top 2005-01-10 16:46 Steve Bergman 2005-01-10 18:23 ` Indrek Kruusa 2005-01-10 19:24 ` Alan Cox 2005-01-11 9:32 ` Florian Weimer 2005-01-10 21:31 ` Florian Weimer 2005-01-10 21:42 ` Steve Bergman 2005-01-10 22:08 ` Diego Calleja 2005-01-11 0:19 ` Barry K. Nathan 2005-01-11 0:45 ` Diego Calleja 2005-01-11 9:35 ` Florian Weimer 2005-01-11 16:57 ` Jesper Juhl 2005-01-11 17:05 ` Jan Engelhardt 2005-01-10 22:09 ` linux-os 2005-01-11 0:44 ` Barry K. Nathan 2005-01-10 22:11 ` Jesper Juhl 2005-01-11 0:40 ` Chris Wright 2005-01-11 1:09 ` Diego Calleja 2005-01-11 1:18 ` Chris Wright 2005-01-11 17:05 ` Jesper Juhl 2005-01-11 16:39 ` Alan Cox 2005-01-11 21:25 ` Jesper Juhl 2005-01-11 21:29 ` Chris Wright 2005-01-12 21:05 ` Jesper Juhl [this message] 2005-01-17 22:49 ` Werner Almesberger 2005-01-17 22:52 ` Chris Wright 2005-01-17 23:23 ` Christoph Hellwig 2005-01-17 23:26 ` Chris Wright 2005-01-17 23:57 ` Alan Cox 2005-01-18 1:08 ` Chris Wright 2005-01-11 17:57 ` Chris Wright 2005-01-12 12:23 ` Florian Weimer 2005-01-11 9:49 ` Florian Weimer 2005-01-11 16:10 ` Alan Cox 2005-01-12 12:33 ` Florian Weimer 2005-01-13 15:36 ` Alan Cox [not found] <200501101959.j0AJxUvl032294@laptop11.inf.utfsm.cl> 2005-01-10 21:36 ` Indrek Kruusa
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=Pine.LNX.firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: Proper procedure for reporting possible security vulnerabilities?' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).