On Tue, 18 Oct 2016, Florian Weimer wrote:
Why didn't you coordinate the disclosure with distributions?
Debian assigned a CVE ID to you in good faith, but the promised
coordination never happened. We never received the details of the
vulnerability, nor the planned disclosure date.
Not entirely Martin's fault. It wasn't entirely clear to the Quagga side
Martin was under obligations elsewhere on this.
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Dr. Livingston I. Presume?
Quagga-users mailing list