Hacker News
by temprature 3082 days ago
He told them they could go ahead; he then regretted it, but that's not OpenBSD's fault.

From https://www.krackattacks.com/#openbsd :

> As a compromise, I allowed them to silently patch the vulnerability.

Receiving permission to patch is the opposite of breaking an embargo.

1 comments

And it continues:

> As a compromise, I allowed them to silently patch the vulnerability. In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo.