Comment by ajross
6 months ago
Yeah, that's not the sense of "embargo" used in the text you quoted. I think you're arguing about something else. AOSP not getting prompt security patches is indeed a problem, but it's not relevant here. Per the article there is no fix for the updated attack.
> Yeah, that's not the sense of "embargo" used in the text you quoted. I think you're arguing about something else. AOSP not getting prompt security patches is indeed a problem, but it's not relevant here. Per the article there is no fix for the updated attack.
I'm not sure you are aware that the embargo references an NDA that you have to sign in order to get the updated sources/patches before the 3-months delay until it is released to the public.
Then guess what an NDA has to do with the condition of "being allowed" or "not being allowed" to publicly disclose a security bug that you've found.
[1] https://android.googlesource.com/platform/docs/source.androi...