In what appears to be a rather poor disclosure process @gnupg (which apparently was not pre-notified) acted quite well. https://twitter.com/halvarflake/status/995939523971420160 …
They claim the contrary (https://twitter.com/gnupg/status/995936684213723136?s=21 …). Also, details got out way before the 24-ish embargo date. The outcome is objectively a little bit of a mess, wouldn’t you say? Disclosure is hard, been there...done that (oCERT).
They claim that, but then they wrote they have indeed been contacted https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060320.html …. The outcome is, yes, a mess. Paper is cute though.
Indeed, the results are neat and it is rather embarrassing that the security community didn’t spot these earlier actually ;). It is a good and relevant work. But when, in a few hours, you go from pre-announcement to full details released (not meant to be) then yeah...mess.