Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110414101413.28823b71@orphan>
Date: Thu, 14 Apr 2011 10:14:13 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Closed list

On Wed, 13 Apr 2011 19:02:05 -0400 Mike O'Connor wrote:

> Focusing on how you think an update ought to *look* (e.g. should the
> advisories be public?) isn't as important as the update getting
> *out*.  Especially since you're dealing with GPL'ed code, I think
> that's something you can measure.  Just ask the constituency a month
> or so after some major kernel issue who has released updates/fixes
> and who hasn't, show the relevant source, and take it from there.

Even though it's GPL'ed code, some vendors may not make their sources
publicly available to "random strangers" and rather only restrict them
to their customers.  Given the current context of this discussion,
public visibility of their source packages may not be better than the
visibility of their binary packages or "advisories" (whatever form you
expect them to be).

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.