Re: Proposal

2014-04-09 Thread Joe Holden
On 09/04/2014 16:17, Walter Hop wrote: In my opinion this issue couldn't have been handled any better considering what it takes to do the job properly, congrats to the security team from me. -Kimmo Please don’t frame this as criticism of the security people, that’s not fair. Of course we all

Re: Proposal

2014-04-09 Thread Joe Holden
The problem here is that a workaround wasn't communicated and I suspect a very small number of religious users actually sub to security@ - also bear in mind that the website wasn't updated until a number of hours after, including rss which I suspect most people use. I am not trying to undermin

Re: Proposal

2014-04-14 Thread Joe Holden
On 10/04/2014 11:47, Dag-Erling Smørgrav wrote: Joe Holden writes: IME issues like this need to be patched first, tested later [...] If we'd done that and screwed up, you'd be on the barricades demanding our heads. DES Given the nature of the patch, and it being experimental

Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem

2015-01-28 Thread Joe Holden
Really, how many SCTP users are there in the wild... maybe one? It shouldn't be in GENERIC at the very least! On 28/01/2015 21:19, Mark Andrews wrote: In message <20150128194011.2175b...@hub.freebsd.org>, "Roger Marquis" writes: If SCTP is NOT compiled in the kernel, are you still vulnerable