Hi all,
as Ulf and I have been cooperating on the osiris* bugs recently
fixed in DSA 1129-1 (CVE-2006-3120), we thought it would be a good
test for publishing our pre-disclosure discussion to the list.
You will shortly see a number of messages with "[disclosure] "
prepended to their Subjects (hopefully).
Regarding the format: We considered different ways including
sending an mbox and ended up agreeing to "bounce" edited versions
of the messages to the list - with the original Date, From, To,
CC headers retained and only some yet to be disclosed information
stripped. Feedback on this way of disclosure is welcome. Is it
useful / interesting / practical, whatever.
Lets see how it works out ;-)
cheers,
Max
|
