by rdtsc 3078 days ago
> FreeBSD Security Team was notified of the issue in late December

Anyone else think this was kind of a slap in the face to the smaller communities and companies, or is it just me?

They were notified in late December, right before the holidays, so that's basically only 2-3 weeks of work. Obviously nobody _had_ to notify anyone, could have just released it right away, so it was a professional courtesy, but why not extend it to a few more projects?

Before anyone says "but OpenBSD broke an embargo before", this is a different project, and besides having BSD in the name I don't see why they were excluded.


FreeBSD secteam was only notified — at all — because Netflix (a big FreeBSD user) requested it of Intel. It was a big slap in the face to smaller communities by Intel.
How did Netflix know about it?
I guess, but do not have firsthand knowledge, that Intel disclosed directly to them as a large customer.
>"Anyone else thinks this was kind of a slap in the face to the smaller communities and companies or is it just me?"

Indeed. There seems to be a security oligarchy now consisting of Google, FB, Apple, Amazon et al. and Intel.

The more people you tell, the higher the chance of a leak. "Loose lips sink ships."
FreeBSD isn't two people in a garage, it's a foundational part of the internet developed by professionals who can be counted upon to do the right thing.

Intel and Google don't have a leg to stand on: I'm super glad they found the bugs, but their disclosure has been nothing but a shitshow.

I'm not arguing for or against anyone in particular getting notice. I'm just pointing out why they'd limit it in principle. You have to draw the line somewhere.
>>> Before anyone says "but OpenBSD broke an embargo before", this is a different project, and besides having BSD in the name I don't see why they were excluded.

AFAIK they all share the same brand name BSD and they are all closely affiliated.

> AFAIK they all share the same brand name BSD and they are all closely affiliated.

This is a gross falsehood.

They all variously diverged from a parent project, called BSD, in the 90s. Since then they are wholly independent. Because of the common license and heritage, code sharing is often easy and legally unrestricted. But their leaders, policies, and philosophies are very distinct.

But if one BSD gets the memo, the other ones will too, right? That's the point.
No, that is also a total fabrication. Please stop making things up.

FreeBSD secteam does not leak NDAed or embargoed information to other BSDs.

That's like saying all GPL software is closely affiliated.