Re:议程——破碎的禁运

我同意一旦受到公开没有把它放回去。显然不是你的责任,但是有一个“安全”的机制?如果不是这样,也许这个工具可以减少“尖锐”。我知道你把“公共”大字母中间两次但blob的文本。我能想到的很多安全(延迟、电子邮件等),但我最喜欢的是以下。你已经有这些语句“我确认……”。也许很容易有一个更像是“我想确认这个信息不可逆转地公开现在或者它已经公开了。”Pascal On Wed, 2018-03-21 at 09:47 -0600, Kurt Seifried wrote: > So I had someone submit a CVE request to the PUBLIC form > iwantacve.org, and > then go "oops, can you delete that" to which I replied "no, genies > out of > the bottle, sorry", is there any official MITRE or CVE policy on such > a > thing? I know in the Open Source world (e.g. distros list) any public > leak > is treated as the embargo being broken because, well, it is. I'm > inclined > to keep that policy for the DWF, but was wondering if anyone else had > any > thoughts/comments/concerns? I know it's more of an internal CNA > matter but > it might be good to provide some guidance or at least information of > the > pros/cons around this. >