On 09/01/18 02:33 PM, D. Hugh Redelmeier via talk wrote:
| From: David Collier-Brown via talk <talk@gtalug.org>
| On 09/01/18 12:23 PM, D. Hugh Redelmeier via talk wrote: | > In fact, the first news broke because an AMD patch to the kernel | > spilled the beans. The AMD patch turned off the already present | > mitigation for Meltdown in the case of AMD processors. | > - | | Erk! Can you point us to a description this? It seem slightly pessimal (;-))
I think that this posting to the Linux Kernel Mailing List is considered to have let the cat out of the bag for Meltdown.
<https://lkml.org/lkml/2017/12/27/2>
The problem had been "responsibly disclosed" about half a year before to folks considered responsible (i.e. not us).
I'm not 100% comfortable with "responsible disclosure". Especially with half a year lead time.
"Responsible" is a term of art in sophistry (:-)) According to commentators on Bruce Schneier's blog, the terms evaluate to
Full Disclosure: Method of speeding up the delivery of patches by distributing exploits.
Responsible Disclosure: Syn. cover-up
--dave -- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest davecb@spamcop.net | -- Mark Twain