[Ksummit-discuss] [MAINTAINERS SUMMIT] Handling of embargoed security issues

Thomas Gleixner tglx at linutronix.de
Tue Sep 11 18:44:52 UTC 2018


On Tue, 11 Sep 2018, Dave Hansen wrote:
>
> Giving timelines is also very important.  Folks spend a lot of time
> counting months and weeks back on the calendar from a disclosure date.
> The timeline gives them a discrete date to *do* something.

Giving a timeline what for? How long it takes to fix something? We need to
know about the issue first in order to do so.

So the simple answer here is ASAP and not when some disclosure manager
thinks it's about time. I'd rather have the fix simmering in my hidden
repository for a month or two than having to rush things toward the
disclosure date or when the embargo breaks early.

But then if we know what it is, it might be trivial to give an ETA and it
might be complete guesswork for a while until we wrapped our brains around
it.

Thanks,

	tglx
