Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Ubuntu and BSD still have no fixes. It indeed seems like a preferrential disclosure. Plus no 2nd-tier cloud providers like DO were notified.


It will be pretty unfortunate if it turns out that the projects that maintain a kernel (FreeBSD, various others) only received notification at Christmas, while various Linux distros (who have to deal with packaging, release, QA but not developing their own kernel patch since that comes from upstream) got a long warning period. It seems that way... Looking forward to reading about how this played out when the dust settles.


There was a post to OpenBSD- tech list telling no BSDs were told anything. And a blog post from Canonical says that the patch will be available 9th January (IIRC).


OpenBSD didn't respect the embargo a few months ago with the wifi issue, no surprise that they weren't told about this up front.


Yep, FreeBSD got notified a week before Christmas: https://www.freebsd.org/news/newsflash.html#event20180104:01

The Spectre mitigation is expected soon but there is no ETA on Meltdown yet: https://www.reddit.com/r/freebsd/comments/7och5a/freebsd_was...

As others say, OpenBSD indeed violated embargoes a few times.


There is basically no independent upstream (other than a handful of people). Essentially all the kernel developers work for the companies that have distros plus organizations like Intel, Qualcomm, etc. that do a lot of device enablement.


I agree in general. In this particular case, though, a good fraction of the work was done by me and tglx. I'm independent. Tglx is sort of independent.

This is not to diminish the work done upstream by less independent people. Dave Hansen, in particular, is the one who actually got the code to function.


Canonical said they were told in November.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: