undefined | Better HN

0 pointsjunon2y ago0 comments

Perhaps, but to be honest trying to coordinate times on a specific disclosure day is futile. I would imagine Daniel is aware of this phenomenon.

0 comments

bilekas2y ago

> When there is a HIGH CVE security flaw, why then not release immediately after fix has been applied, but at a set date?

It's a valid question.

junonOP2y ago

That has been answered several hundred times before, by Daniel himself in the original advisory.

Usually ubiquitous projects like this will privately distribute patches to large distros or corps so they can push security updates or at least prepare to push them on the disclosure date so that risk of exploit is lower by the date of disclosure. Otherwise there would be a lag and people would be more exposed for a period after disclosure.

j / k navigate · click thread line to collapse

0 comments

bilekas2y ago

> When there is a HIGH CVE security flaw, why then not release immediately after fix has been applied, but at a set date?

It's a valid question.

junonOP2y ago

That has been answered several hundred times before, by Daniel himself in the original advisory.

j / k navigate · click thread line to collapse