Great find & post. What are your thoughts on ways to address the window of exposure between upstream fix, stable fix, distro uptake, and end-user install?
Tricky! I think it would at least help if distributions and upstream could 1) find common agreement on what the actual problem is, and 2) work on a shared plan. The guidance given to security researchers is very inconsistent at the moment.
Note that distros has a 14 day max embargo, kernel is 7. Might work for linux-only bugs, but tough on downstream