oss-sec mailing list archives

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:)

From: Solar Designer <solar () openwall com>
Date: Tue, 4 Nov 2014 06:28:42 +0300

On Tue, Oct 28, 2014 at 04:47:02PM +0300, Alexander Cherepanov wrote:

On 2014-10-15 12:30, Solar Designer wrote:

- Please don't send fully working exploits (but testcases that exercise
the flaw are welcome)

FWIW, I've always been tempted to remove the latter guideline,


Then perhaps just remove it?


Removed.

This removal isn't meant to actively encourage posting of "weaponized"
exploits, but it merely means we don't feel we currently need to include
a guideline on this.  In other words, this guideline was trying to
address a problem we didn't have, and I hope its removal won't create a
problem.

Alexander

Current thread:

Re: Truly scary SSL 3.0 vuln to be revealed soon:, (continued)
- - - Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley (Oct 15)
    - list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Oct 15)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)
    - Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin (Oct 14)
    - Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov (Oct 14)
    - Re: SSL POODLE Florian Weimer (Oct 15)
    - Re: SSL POODLE Hanno Böck (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
    - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov (Oct 14)
  - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 15)

(Thread continues...)