
Eh? An embargo is where you share information with someone on the grounds they don't release it until a certain date. If you come by the information some other way then clearly you're not a party to the embargo.


You can respect an embargo even if you got your information elsewhere.


The existence of the embargo is usually a secret as well. Hard to play the game when you're not told the rules.


Why would you?

The language being used makes it sound like somehow OpenBSD is breaking agreements. Considering this appears to be the result of the false perception that OpenBSD breaks embargos they are a party to, it's important to fight this loose usage of words.


In the vast majority of cases it is the prudent way to go about it and not doing it (with intent) is often reckless and a dick move well deserving of criticism.

This/these cases however might be an exception.

I fully agree that one should be careful of propagating such false perceptions about OpenBSD (or any other entity).


I disagree. As long as the embargo is purely related to this or that company profiting over another, as opposed to being potentially a matter of safety (see the UK D Notice system, for example), it's laughable to describe breaking something covered by someone else's optional embargo as a "dick move". On the contrary, it's generally highly amusing, and at the very least informative.


I agree and that is exactly what I meant.

However these circumstances can also be a matter of safety. For instance, an easily exploitable SSH vulnerability can incur serious damage to lots of institutions.

Further, the embargo isn't/shouldn't be about protecting Intel - it's about protecting everyone that uses Intel CPUs (sometimes those goals are aligned, sometimes not). How you go about that is one thing, and if you intentionally disrespect that embargo (whether you were in on it or not), it means that the assumptions and motivations for the embargo are invalidated and the consequences could be huge.

Now you don't necessarily have to agree with the embargo, but if you don't know the consequences (in this case it looks like it was likely to be known) you take it upon yourself that you (with most likely very limited information) can identify the consequences of doing such a disclosure.

It's the same problem as doing an irresponsible disclosure of a major vulnerability. Most do consider that to be a dick move.



