| ▲ | 0x0 3 hours ago | |
Dropping a public exploit on github before distros have patches available isn't very cool, or is that just how veterans roll these days? | ||
| ▲ | tptacek 2 hours ago | parent | next [-] | |
There is no one accepted set of norms on disclosure. Any strategy you take, someone will criticize. | ||
| ▲ | john_strinlai an hour ago | parent | prev | next [-] | |
mainline was patched a month ago | ||
| ▲ | akerl_ 2 hours ago | parent | prev [-] | |
I don’t know if “cool” is the word I’d use, but there isn’t an established “right” way to disclose a vulnerability that you found outside of a contracted security review or other employment/contracting arrangement. | ||