On Wed, Nov 01, 2006 at 23:30:01 -0500,
  Jesse Keating <jkeating@xxxxxxxxxx> wrote:
> On Wednesday 01 November 2006 23:23, Peter Gordon wrote:
> > I, for one, think that this is a great idea. Finding and fixing bugs in
> > something as critical as the kernel (especially the filesystem code as I
> > understand their page) is a definite plus.
>
> Finding the bugs is great, however reporting security flaws to vendor-sec and
> allowing vendors to coordinate in releasing the right fix at the same time is
> better for the end users and community. Just dumping a new vulnerability a
> day to public space is just creating chaos. Vendors will scramble to fix the
> flaw, different patches will be used, updates will be rushed out, etc...

Not everyone agrees with that stance. There is another view that letting
everyone know at once lets sysadmins do mitigation sooner than if they
waited for the vendors to simultaneously release updates.

However sitting on bugs (so as to release one a day) without notifying
vendors or the public is a not nice thing to do.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx