Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Especially as the fixes seemingly have been going into their public GitHub branch for days, since the report. I wonder if that was a conscious choice or negligience, maybe I'm missing something? I would expect these to be released as patches/merged in when the vulnerability is published, like a lot of other security-critical open source software does it.


The researcher released the writeup. The researcher doesn't work for Tailscale. The researcher doesn't release the patch.


    > Coordinated Disclosure time proposed by Tailscale, accepted by us, Tailscale shares planned Security Bulletins and blog post




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: