Bengt Richter <b...@bokr.com> writes:

> Given that crims &co monitor developer discussions to discover
> unfixed vulnerabilities and clues re exploiting them,
> what are your ideas to avoid building a tool that can be abused?
>
> E.g., How will your tool avoid leaking info during an embargo window
> while trusted developers are secretly/privately fixing
> critical vulns?

That's a point to consider I think. Most of what I'm thinking about is
for published vulnerabilities in software packaged for Guix, but you
raise a valid point, so thanks for bringing it up.

Chris
