Re: November is officially renamed as "tick off Dave Jones"...

On Wed, Nov 01, 2006 at 23:30:01 -0500,
  Jesse Keating <jkeating@xxxxxxxxxx> wrote:
> On Wednesday 01 November 2006 23:23, Peter Gordon wrote:
> > I, for one, think that this is a great idea. Finding and fixing bugs in
> > something as critical as the kernel (especially the filesystem code as I
> > understand their page) is a definite plus.
> 
> Finding the bugs is great, however reporting security flaws to vendor-sec and 
> allowing vendors to coordinate in releasing the right fix at the same time is 
> better for the end users and community.  Just dumping a new vulnerability a 
> day to public space is just creating chaos.  Vendors will scramble to fix the 
> flaw, different patches will be used, updates will be rushed out, etc...

Not everyone agrees with that stance. There is another view that letting
everyone know at once lets sysadmins do mitigation sooner than if they
waited for the vendors to simultaneously release updates.

However sitting on bugs (so as to release one a day) without notifying
vendors or the public is a not nice thing to do.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list
