[GTALUG] Meltdown disclosure [was Re: Intel Meltdown Bug -- Conundrum For New Desktop PC Build Spec (to run debian Linux) -- Switch From Intel CPU To AMD CPU ??]
davec-b at rogers.com
Tue Jan 9 16:02:51 EST 2018
On 09/01/18 02:33 PM, D. Hugh Redelmeier via talk wrote:
> | From: David Collier-Brown via talk <talk at gtalug.org>
> | On 09/01/18 12:23 PM, D. Hugh Redelmeier via talk wrote:
> | > In fact, the first news broke because an AMD patch to the kernel
> | > spilled the beans. The AMD patch turned off the already present
> | > mitigation for Meltdown in the case of AMD processors.
> | > -
> | Erk! Can you point us to a description this? It seem slightly pessimal (;-))
> I think that this posting to the Linux Kernel Mailing List is
> considered to have let the cat out of the bag for Meltdown.
> The problem had been "responsibly disclosed" about half a year before
> to folks considered responsible (i.e. not us).
> I'm not 100% comfortable with "responsible disclosure". Especially
> with half a year lead time.
"Responsible" is a term of art in sophistry (:-))
According to commentators on Bruce Schneier's blog, the terms evaluate to
> Full Disclosure:
> Method of speeding up the delivery of patches by distributing exploits.
> Responsible Disclosure:
> Syn. cover-up
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
More information about the talk