Date: Tue, 15 Sep 2009 21:54:11 +0800
From: Giorgos Keramidas <keramida@freebsd.org>
To: Przemyslaw Frasunek <przemyslaw@frasunek.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Message-ID: <877hw0mhz0.fsf@kobe.laptop>
In-Reply-To: <4AAF4927.3070203@frasunek.com> (Przemyslaw Frasunek's message of "Tue, 15 Sep 2009 09:58:31 +0200")
References: <4AAF4927.3070203@frasunek.com>

On Tue, 15 Sep 2009 09:58:31 +0200, Przemyslaw Frasunek <przemyslaw@frasunek.com> wrote:
> Giorgos Keramidas wrote:
>> Przemyslaw should email security-officer with any details he thinks are
>> relevant.  Then the security team will make sure to fix the bug for all
>> affected releases of FreeBSD, release a patch with the fix, issue an
>> advisory through the usual channels, and post the details online at our
>> security information web pages at <http://www.FreeBSD.org/security/>.
>
> I see that I received a lot of criticism after disclosing the 6.4 vulnerability.
> Please read some facts:
>
> I sent a few mails: on 29th Aug to the security team, on 2nd Sep and 11th Sep directly
> to the security officer. None of them were responded to. I haven't filed any PRs,
> because it would disclose details of the vulnerability to the public and allow
> blackhats to exploit it.
>
> I won't publish anything more than the video before the official security advisory. The
> exploit is private to me and it won't be given to the "community".

Hi Przemyslaw,

What I wrote is not criticism for what you have or might have not done.

I now know (after posting the initial message) that the security officer
is preparing a fix and an advisory, so my response was more like ``this
is the usual way of handling this sort of thing''.  The wording was a
bit careful to avoid implying that you didn't know or were not prepared
to do what is appropriate :)