In what appears to be a rather poor disclosure process @gnupg (which apparently was not pre-notified) acted quite well. https://twitter.com/halvarflake/status/995939523971420160 …
Replying to @AndreaBarisani @gnupg
Really? As a matter of fact it was notified though :)
Andrea Barisani Retweeted GNU Privacy Guard
They claim the contrary (https://twitter.com/gnupg/status/995936684213723136?s=21 …) also details got out way before the 24-ish embargo date. The outcome is objectively a little bit of a mess wouldn’t you say? Disclosure is hard, been there...done that (oCERT).
Replying to @AndreaBarisani @gnupg
They claim that but then they wrote they have been indeed contacted https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060320.html …. The outcome is yes a mess. Paper is cute though
Indeed, the results are neat and it is rather embarrassing that the security community didn’t spot these earlier actually ;). It is a good and relevant work. But when, in a few hours, you go from pre-announcement to full details released (not meant to be) then yeah...mess.