David Carlier is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

David Carlier @devnexen@mastodon.social

@pierre The basic idea is that vendors hold fixes back, and cooperate to release their fixes concurrently.

On the surface, this looks reasonable.

But end-user security falls apart when information leaks, or when government agencies get involved which happens if someone requests a CVE. So in this WPA case, US gov agencies knew about the bug for at least as of the second embargo.

Does such an embargo serve your interests? Not really. As an end user, you are interested in getting a patch ASAP.

Dear @openbsd musician if interested try out @lmms stable-1.2 branch to test proper sndio MIDI/Audio support (thanks to initial work from port patchset).

Every time I see a @openbsd release I only see source tree unlocked :-) nevertheless I m happy for the users benefiting the new features/fixes :-)