> > That's exactly my though. Specially, because FreeBSD and NetBSD were > > warned, but not OpenBSD. If this was only a rant or any childish > > behavior from them, it's something stupid and, of course, not the right > > thing to do. But hey, we're all human. My real concern is if this > > something else, a hidden agenda, in that this "stupid disclosure" was > > indeed, carefully planed. One can never have too many conspiracy > > theories. Specially after what has been happening the last year. Thanks > > for the clarification. > > Mark Cox claims that the reason OpenBSD was not told is because OpenBSD > is not on the distros mailing list and if we were then "they'd be able > to work with other distros on issues in advance." > > It's at http://oss-security.openwall.org/wiki/mailing-lists/distros . > > Not saying I believe or disbelieve him, but it can't hurt to join even > if it is only until 5.6 comes out.
That is an interesting claim. It sounds like we should test it, rather than take it as fact. Let's ask the right people. Kurt and Solar -- You are the primary contacts for the oss-security email list. Are you are aware of any operating system, product suppliers, or service providers who were notified early by OpenSSL... but are not found on the private mailing list? I think it would be poor style to ask for specific names, but a vague statement confirming or denying things would be nice. There are claims that attendance on your private email list is required & sufficient for early disclosure from OpenSSL. Thanks in advance for any clarity you can supply to this question.
