cvs commit: src/sys/amd64/amd64 pmap.c src/sys/i386/i386 pmap.c

Colin Percival cperciva at freebsd.org
Thu Apr 26 09:11:23 UTC 2007


Scott Long wrote:
> Yar Tikhiy wrote:
>> [snip]
>> It's good news!  But what about explaining the code to the public?
>>
>> - Mr. Developer, why does it take an ugly hack to make the device work?
>> - Can't tell ya, I'm under NDA.
> 
> I think you have to respect that John and Stephan were doing the right
> thing with this.  This was no different than a security fix that gets
> committed before the vulnerability is disclosed.  No one seems to get
> upset that the security team operates this way.

I can only think of one recent case where a security fix was applied without
the vulnerability details becoming public within a matter of minutes (i.e.,
as soon as we could get the advisory signed and uploaded), and that was due
to a desire to avoid upstaging my BSDCan talk about hyperthreading (and in
that case, all the details became available about 16 hours after patches were
committed).

That said, I think we have to respect the fact that NDAs, while not ideal,
provide limited access to information which would otherwise be entirely
unavailable; and in such circumstances I think Yar's suggested response of
"Can't tell ya, I'm under NDA" would be perfectly acceptable.

Colin Percival

