Are embargoes on (open source) security bugs needed? Only in the most extreme cases, @kurtseifried argues https://securityblog.redhat.com/2015/06/10/the-hidden-costs-of-embargoes/ …
Replying to @virusbtn
@virusbtn @kurtseifried You're arguing that you're bad at private fixes, not that private fixes aren't good
Replying to @dakami
@virusbtn @kurtseifried "Why can't security fixes be like performance fixes" well because private customer data isn't at stake with perf
Replying to @dakami
@virusbtn @kurtseifried bugzilla figured out security flagging a long time ago
Replying to @dakami
@dakami @virusbtn @kurtseifried single vendor issues != multi-vendor or 'library' issues, at all
Replying to @attritionorg
@attritionorg @virusbtn @kurtseifried in open source nothing is single vendor as per distros (outside of cms)
Replying to @dakami
@dakami @virusbtn @kurtseifried big difference between product + linux vendors -vs- protocol / huge library (e.g. openssl). can't compare
Replying to @attritionorg
@attritionorg @virusbtn @kurtseifried I just see the repeated debate itself as wasteful and optimizing for the easy result
Replying to @dakami
@dakami @attritionorg @virusbtn Part of why I'm trying to figure out what we need to measure, and partly by gathering experimental data
@kurtseifried @dakami @virusbtn maybe we should co-opt VIM for these discussions, since it is so low traffic...