Comment by 0x0
20 hours ago
Dropping a public exploit on github before distros have patches available isn't very cool, or is that just how veterans roll these days?
20 hours ago
Dropping a public exploit on github before distros have patches available isn't very cool, or is that just how veterans roll these days?
There is no one accepted set of norms on disclosure. Any strategy you take, someone will criticize.
I don’t know if “cool” is the word I’d use, but there isn’t an established “right” way to disclose a vulnerability that you found outside of a contracted security review or other employment/contracting arrangement.
mainline was patched a month ago