Date:      Thu, 26 Apr 2007 05:14:19 -0400
From:      Tom Rhodes <trhodes@FreeBSD.org>
To:        Colin Percival <cperciva@FreeBSD.org>
Cc:        yar@comp.chem.msu.su, scottl@samsco.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org
Subject:   Re: cvs commit: src/sys/amd64/amd64 pmap.c src/sys/i386/i386 pmap.c
Message-ID:  <20070426051419.7ce08353.trhodes@FreeBSD.org>
In-Reply-To: <46306C6D.4080301@freebsd.org>
References:  <200704211417.l3LEHUKK078832@repoman.freebsd.org> <462A27CD.5090006@freebsd.org> <1177170852.32761.0.camel@localhost> <20070424091858.GA31094@comp.chem.msu.su> <462FA0BC.8020207@freebsd.org> <20070426054228.GA53614@comp.chem.msu.su> <463049C6.9080100@samsco.org> <20070426082958.GC53614@comp.chem.msu.su> <4630659E.9040300@samsco.org> <46306C6D.4080301@freebsd.org>

On Thu, 26 Apr 2007 02:10:05 -0700
Colin Percival <cperciva@FreeBSD.org> wrote:

> Scott Long wrote:
> > Yar Tikhiy wrote:
> >> [snip]
> >> It's good news!  But what about explaining the code to the public?
> >>
> >> - Mr. Developer, why does it take an ugly hack to make the device work?
> >> - Can't tell ya, I'm under NDA.
> > 
> > I think you have to respect that John and Stephan were doing the right
> > thing with this.  This was no different than a security fix that gets
> > committed before the vulnerability is disclosed.  No one seems to get
> > upset that the security team operates this way.
> 
> I can only think of one recent case where a security fix was applied without
> the vulnerability details becoming public within a matter of minutes (i.e.,
> as soon as we could get the advisory signed and uploaded), and that was due
> to a desire to avoid upstaging my BSDCan talk about hyperthreading (and in
> that case, all the details became available about 16 hours after patches were
> committed).
> 
> That said, I think we have to respect the fact that NDAs, while not ideal,
> provide limited access to information which would otherwise be entirely
> unavailable; and in such circumstances I think Yar's suggested response of
> "Can't tell ya, I'm under NDA" would be perfectly acceptable.

Oh, opinion time.  My concern isn't with the NDA as long as a
useful commit is made.  I think we should be happy something
is being put into cvs at all.

-- 
Tom Rhodes


