[GTALUG] Meltdown disclosure [was Re: Intel Meltdown Bug -- Conundrum For New Desktop PC Build Spec (to run debian Linux) -- Switch From Intel CPU To AMD CPU ??]

David Collier-Brown davec-b at rogers.com
Tue Jan 9 16:02:51 EST 2018

On 09/01/18 02:33 PM, D. Hugh Redelmeier via talk wrote:
> | From: David Collier-Brown via talk <talk at gtalug.org>
> | On 09/01/18 12:23 PM, D. Hugh Redelmeier via talk wrote:
> | > In fact, the first news broke because an AMD patch to the kernel
> | > spilled the beans.  The AMD patch turned off the already present
> | > mitigation for Meltdown in the case of AMD processors.
> | > -
> |
> | Erk!  Can you point us to a description this? It seem slightly pessimal (;-))
> I think that this posting to the Linux Kernel Mailing List is
> considered to have let the cat out of the bag for Meltdown.
> <https://lkml.org/lkml/2017/12/27/2>
> The problem had been "responsibly disclosed" about half a year before
> to folks considered responsible (i.e. not us).
> I'm not 100% comfortable with "responsible disclosure".  Especially
> with half a year lead time.

"Responsible" is a term of art in sophistry (:-))

According to commentators on Bruce Schneier's blog, the terms evaluate to

> Full Disclosure:
> Method of speeding up the delivery of patches by distributing exploits.
> Responsible Disclosure:
> Syn. cover-up


David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net           |                      -- Mark Twain

More information about the talk mailing list