On Thu, 26 Apr 2007 02:10:05 -0700 Colin Percival <[EMAIL PROTECTED]> wrote:
> Scott Long wrote: > > Yar Tikhiy wrote: > >> [snip] > >> It's a good news! But what about explaining the code to the public? > >> > >> - Mr. Developer, why does it take an ugly hack to make the device work? > >> - Can't tell ya, I'm under NDA. > > > > I think you have to respect that John and Stephan were doing the right > > thing with this. This was no different than a security fix that gets > > committed before the vulnerability is disclosed. No one seems to get > > upset that the security team operates this way. > > I can only think of one recent case where a security fix was applied without > the vulnerability details becoming public within a matter of minutes (i.e., > as soon as we could get the advisory signed and uploaded), and that was due > to a desire to avoid upstaging my BSDCan talk about hyperthreading (and in > that case, all the details became available about 16 hours after patches were > committed). > > That said, I think we have to respect the fact that NDAs, while not ideal, > provide limited access to information which would otherwise be entirely > unavailable; and in such circumstances I think Yar's suggested response of > "Can't tell ya, I'm under NDA" would be perfectly acceptable. Oh, opinion time. My concern isn't with the NDA as long as a useful commit is made. I think we should be happy something is being put into cvs at all. -- Tom Rhodes _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"