On Thu, 21 Jun 2018 08:34:55 -0700 (MST)
> It was a good talk either way.. It's an issue that keeps getting > larger as time goes on. Whilst I can see but disagree with a point of view that Open Source will be locked out if they don't comply with embargos. I would not participate. After all, those that have important stuff to protect will patch sooner. Are they supposed to sit on those patches for a month (after 3 weeks of cloud provider notification?) to allow those who run blogs about flower arrangements to patch at the same time. Who decided clouds are more important than Open Source. I'm sure there are some exceptions, military/gov that pay to patch well in advance and perhaps the cloud providers pay to be part of those programs, but it is wrong. Do Intel profit from bugs? They should have the resources to countermeasure or check and reset as needed. Anything more than very short embargos surely just create windows of opportunity for attackers. High assurance systems will likely have extra defenses on top of Intel chips anyway. We should want to send a clear message and be annoyed about *anyone* signing upto embargos. Or is it "playing the game"...I hate that term!
