https://lwn.net/Articles/290938/ This is a special feed containing comments posted to the individual LWN article titled "Quotes of the week". en-us Mon, 13 Oct 2025 11:35:03 +0000 Mon, 13 Oct 2025 11:35:03 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/291837/ https://lwn.net/Articles/291837/ roelofs <FONT COLOR="#880044"><I>Viro makes an interesting charge:</I></FONT> <P> <BLOCKQUOTE> <FONT COLOR="#440088"><I>Going to vendor-sec is a mistake I won't repeat any time soon and I would strongly recommend everybody else to stay the hell away from that morass. It creates inexcusable delays, bounds you to confidentiality and, let's face it, happens to be the prime infiltration target for zero-day exploit traders.</I></FONT> </BLOCKQUOTE> <P> Which part do you see as the charge, or do you mean the whole thing? It certainly creates delays, but I don't think that's a surprise to any of us. It's also unquestionably a prime infiltration <B>target</B>, but that doesn't imply anyone has yet succeeded in doing so; we ("most of us") simply don't know. Finally, he claims vendor-sec binds you to confidentiality, but that's only if you (and/or your employer) allow it; you (or your employer) can also choose to contact them in write-only fashion, provide a disclosure date, and leave it at that. Without a written and mutually-agreed-to contract, what obligation do you have beyond those of basic courtesy/altruism/etc.? IANAL, but I don't think shrinkwrap provisions would have legal force even if they attempted it, and AFAIK, they haven't attempted it. <P> Greg Tue, 29 Jul 2008 02:39:40 +0000 https://lwn.net/Articles/291713/ https://lwn.net/Articles/291713/ JoeBuck Viro makes an interesting charge: <blockquote> Going to vendor-sec is a mistake I won't repeat any time soon and I would strongly recommend everybody else to stay the hell away from that morass. It creates inexcusable delays, bounds you to confidentiality and, let's face it, happens to be the prime infiltration target for zero-day exploit traders. </blockquote> Mon, 28 Jul 2008 03:57:40 +0000 https://lwn.net/Articles/291587/ https://lwn.net/Articles/291587/ zooko <div class="FormattedComment"><pre> I did read the whole thing and it was well worth it for the analysis of the history of a specific security flaw and its patches. </pre></div> Fri, 25 Jul 2008 15:45:38 +0000 https://lwn.net/Articles/291438/ https://lwn.net/Articles/291438/ nix <div class="FormattedComment"><pre> Indeed. I don't think I've ever seen 'gentlemen' used as an insult before. Al shames those of us for whom English is our native tongue. :) </pre></div> Thu, 24 Jul 2008 11:21:13 +0000 https://lwn.net/Articles/291394/ https://lwn.net/Articles/291394/ flewellyn <div class="FormattedComment"><pre> Viro, as usual, is both right and deliciously snarky. </pre></div> Thu, 24 Jul 2008 03:50:47 +0000