[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gpsd-dev] Moving ntpd to an open VCS
|
From: |
Gary E. Miller |
|
Subject: |
Re: [gpsd-dev] Moving ntpd to an open VCS |
|
Date: |
Wed, 23 Oct 2013 11:52:27 -0700 |
Yo Harlan!
On Wed, 23 Oct 2013 07:38:35 +0000
Harlan Stenn <address@hidden> wrote:
> > security patches private is not generally accepted by the
> > open-source community. I'm not going to argue the merits here
> > because my personal views are not very relevant; what matters is
> > the social fact that most open source developers are fans of prompt
> > full disclosure, or at most a very short timeout. The minority that
> > partially agrees with you will not save you on any of these other
> > issues.
>
> I used to be in this camp of the open-source community. I might still
> be, depending on the definition of "prompt". The NTP Project's
> software is core infrastructure stuff. It's not something people
> generally casually install. If we get a security report, we contact
> folks like CERT and they get back to us and usually ask for at least
> a 45 day disclosure embargo after we get them patches so the OS
> vendors and various gov't agencies can prepare for the "announcement".
Yes, you really need to give the NSA a chance to exploit your bugs before
anyone can patch them.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
address@hidden Tel:+1(541)382-8588
signature.asc
Description: PGP signature
- Re: [gpsd-dev] Clarifications needed for the time-service HOWTO, (continued)
- Re: [gpsd-dev] Clarifications needed for the time-service HOWTO, Eric S. Raymond, 2013/10/22
- Re: [gpsd-dev] Clarifications needed for the time-service HOWTO, Harlan Stenn, 2013/10/22
- Re: [gpsd-dev] Clarifications needed for the time-service HOWTO, Gary E. Miller, 2013/10/22
- Re: [gpsd-dev] Clarifications needed for the time-service HOWTO, Eric S. Raymond, 2013/10/22
- Re: [gpsd-dev] Clarifications needed for the time-service HOWTO, Harlan Stenn, 2013/10/22
- [gpsd-dev] Moving ntpd to an open VCS, Eric S. Raymond, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Dave Taht, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Harlan Stenn, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Harlan Stenn, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Eric S. Raymond, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS,
Gary E. Miller <=
- Re: [gpsd-dev] Moving ntpd to an open VCS, Harlan Stenn, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Gary E. Miller, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Harlan Stenn, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Gerry Creager - NOAA Affiliate, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Harlan Stenn, 2013/10/23
- Re: [gpsd-dev] Moving ntpd to an open VCS, Dave Taht, 2013/10/26
- Re: [gpsd-dev] Moving ntpd to an open VCS, Gary E. Miller, 2013/10/27
- Re: [gpsd-dev] Moving ntpd to an open VCS, Hal Murray, 2013/10/27
- Re: [gpsd-dev] Moving ntpd to an open VCS, Dave Taht, 2013/10/28
- Re: [gpsd-dev] Moving ntpd to an open VCS, Gary E. Miller, 2013/10/28