dweinus 3 hours ago

The reporter clearly knows the distro fixes have not been shipped, read their report. They chose to disclose anyway.

john_strinlai 2 hours ago | parent [-]

>They chose to disclose anyway.

yes, because 30 days had passed from the time the patch landed in the kernel, as per industry standard.

approximately every security researcher, including the likes of google and other big names you may know, does a 90+30 disclosure, which is what happened here. they do this for good reason, which has been figured out over decades of experience in reporting thousands and thousands of vulnerabilities.

the only security researchers i know of that don't like 90+30 actually argue for shorter timelines (or immediate disclosures).