Hacker News new | past | comments | ask | show | jobs | submit login

"As a compromise, I allowed them to silently patch the vulnerability." The way I read that they broke no embargo



They were pressured by OpenBSD to do so, and regret it. That doesn't mean they broke embargo, but it also doesn't reflect well on them. Do you think Theo would've respected the embargo if they had said "no, do not patch until the embargo date?"


Yes. He would have tried to persuade them, perhaps cut out the researchers to persuade CERT.


Who says they were pressured?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: