Lessons from the linux-distros mailing list

The oss-security mailing list is specifically set up for reports and discussion of security flaws in open-source software after their embargo, if any, has expired. But the response to a recent report of the fix for a security flaw in the Linux kernel went in a different direction than usual. The report did not break the two-week embargo period, instead it was "late", which has highlighted some problems in the management of flaws of this nature.

Full Story (comments: 1)