LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of David McBride
said:
> As I'm not a member of the vulnerability group, I can't see that bug.
Any system manager is entitled to join the group.
> Can you tell me when that bug was raised?
June 15th (the vulnerability group has only been going since the end of
May).
> (Actually, given that this issue is now rather public, would it make
> sense to declassify this specific bug report?)
The whole issue of disclosure has been hotly debated! The current
position is that the vulnerability group itself only discloses things
within the project(s), wider disclosure is up to the project management.
Details of the vulnerabilities are being circulated to the site security
contacts list, and in fact one mail went out today, so if you didn't get
it something may have gone wrong ...
Stephen
|