SovereignCloudStack / website

Base content for scs.community
https://scs.community/
MIT License

Feat/advisory CVE 2024 6387 #971

Closed garloff closed 4 months ago

garloff commented 4 months ago

A security note on the openssh disaster.

garloff commented 4 months ago

We should publish this tomorrow -- or maybe discard, if we think it's not worthwhile.

garloff commented 4 months ago

We need to decide whether or not we publish this. @fkr? @bitkeks? @scoopex? This would be an extra service (given the scope of exploits), not an acknowledgement that we are responsible for creating such security notes. If we push it out, we should do it today (or maybe tomorrow), otherwise, it's probably better to not publish it.

fkr commented 4 months ago

I think this should not be an advisory. If we want to raise awareness of the issue, it should be a blogpost. Why not an advisory: Because with the advisories, we should focus on the core stuff that relates to our deliverables. If we start issuing advisories for other stuff, we will have no clear "where to start and where to stop". Aside from that, I think it is also a matter of focus. We should focus on our core deliverables - there is enough heavy lifting to be done there.

garloff commented 4 months ago

Ok, we won't do this.