Post Syndicated from original https://lwn.net/Articles/896829/

Opinions differ on the best way to disclose security vulnerabilities, but
there is a general consensus in our community that vulnerabilities
should, indeed, be
made public at some point. What happens between the discovery of a
vulnerability and its disclosure can be more controversial. A recent
discussion on the handling of kernel vulnerabilities has led to change in
the policies of the linux-distros mailing list — all based on the question
of what constitutes “disclosure”.