alt Hacker NewsDropping a public exploit on github before distros have patches available isn't very cool, or is that just how veterans roll these days?
Replies
akerl_ • yesterday at 9:09 PM
I don’t know if “cool” is the word I’d use, but there isn’t an established “right” way to disclose a vulnerability that you found outside of a contracted security review or other employment/contracting arrangement.
john_strinlai • yesterday at 10:29 PM
mainline was patched a month ago
There is no one accepted set of norms on disclosure. Any strategy you take, someone will criticize.