On (08/08/06 00:18), Max Vozeler wrote:
> Hi all,
>
> as Ulf and I have been cooperating on the osiris* bugs recently
> fixed in DSA 1129-1 (CVE-2006-3120), we thought it would be a good
> test for publishing our pre-disclosure discussion to the list.
> You will shortly see a number of messages with "[disclosure] "
> prepended to their Subjects (hopefully).
>
> Regarding the format: We considered different ways including
> sending an mbox and ended up agreeing to "bounce" edited versions
> of the messages to the list - with the original Date, From, To,
> CC headers retained and only some yet to be disclosed information
> stripped. Feedback on this way of disclosure is welcome. Is it
> useful / interesting / practical, whatever.
>
Thanks for doing this. It is fascinating to see a bit more of what goes
on, and get a bit more detail than what is in the advisory.
I'd welcome this for any further cases like this you guys have.
James
--
James Westby -- GPG Key ID: B577FE13 -- http://jameswestby.net/
seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256
|
