Date: Sun, 30 Jun 1996 11:21:58 -0700 (PDT) From: "David E. O'Brien" <obrien@Nuxi.cs.ucdavis.edu> To: jmb@FRB.GOV (Jonathan M. Bresler) Cc: freebsd-security@freebsd.org Subject: Re: BoS: Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Message-ID: <199606301821.LAA20002@relay.nuxi.com> In-Reply-To: <199606301536.LAA15220@kryten.frb.gov> from "Jonathan M. Bresler" at Jun 30, 96 11:36:21 am
next in thread | previous in thread | raw e-mail | index | archive | help
> CERT sends out a notice as soon as the vendor agrees. > the issue is not CERT, the issue is CERT's policy of waiting for > the vendor regardless of how long the vendor takes to produce > a fix. (hours? days? weeks? .....) > > its the unlimited waiting period that tweaks people. > > jmb > -- > Jonathan M. Bresler 202-452-2831 breslerj@frb.gov Speaking of delays to produce a notice, what is FreeBSD's policy? What is the policy on full-disclosure? -- David (obrien@cs.ucdavis.edu)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606301821.LAA20002>