Do you need a full source tree for this ? IIRC major Linux distros do this via p... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		m4rtink on Sept 13, 2021 \| parent \| context \| favorite \| on: Disclosing E2EE vulnerability in multiple Matrix c... Do you need a full source tree for this ? IIRC major Linux distros do this via preliminary disclosure to a private mailing list possibly with a patch attached. That way distros can do a local build to verify the patch works and fixes the issue & they then apply the patch in their public infra right after the embargo runs out.

eighthave on Sept 14, 2021 [–]

This patch workflow would also work with F-Droid. I don't know of any other workflows for this situation.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact