poor social estrategy
Posted Jan 7, 2005 22:44 UTC (Fri) by sbergman27
In reply to: poor social estrategy
Parent article: grsecurity 2.1.0 and kernel vulnerabilities
He did not say that "the decision whether to include a security fix or not include is [sic] dependant on the tone of the reporting email". He said that it would not help them to establish a direct channel to Linus or Andrew. A single person, even two, do not scale well, and the rest of the "contributors" need to learn who to report problems to. :-)
Perhaps some sort of directory service is needed:
Caller: Operator, I need to know who to report this security vulnerability to.
Operator: Please explain the nature of the vulnerability.
Caller: <Fill in the blank>
Operator: Hold for the email address, please...
to post comments)