A Stack Clash disclosure post-mortem
For those who are curious about how the community deals with a serious vulnerability, Solar Designer's description of the embargo process around the "Stack Clash" issue (and his unhappiness with it) is worth a read. "Qualys first informed the distros list about this upcoming set of issues on May 3. This initial notification didn't say Stack Clash nor anything like that, but merely expressed intent to disclose the issues and concern that the list's maximum embargo duration of 14 to 19 days might not be sufficient in this case. In the resulting discussion, I agreed to consider extending the embargo beyond list policy should there be convincing reasons for that. In retrospect, I think I shouldn't have agreed to that."