On Tue, 18 Oct 2016, Florian Weimer wrote:

Why didn't you coordinate the disclosure with distributions?

Debian assigned a CVE ID to you in good faith, but the promised coordination never happened. We never received the details of the vulnerability, nor the planned disclosure date.

Not entirely Martin's fault. It wasn't entirely clear to the Quagga side Martin was under obligations elsewhere on this.

Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Dr. Livingston?
Dr. Livingston I. Presume?

Quagga-users mailing list

Reply via email to