←back to thread

Libxml2's "no security embargoes" policy

(lwn.net)
278 points jwilk | 1 comments | 25 Jun 25 19:36 UTC | HN request time: 0.273s | source
Show context
kstrauser ◴[25 Jun 25 22:52 UTC] No.44382528[source]
> It includes a request for Wellnhofer to provide a CVE number for the vulnerability and provide information about an expected patch date.

“Three.”

“Like, the number 3? As in, 1, 2, …?”

“Yes. If you’re expecting me to pick, this will be CVE-3.”

replies(2): >>44386285 #>>44387688 #
1. mrweasel ◴[26 Jun 25 11:24 UTC] No.44386285[source]
I think he should just reject reports of vulnerabilities if they aren't accompanied by a patch.