Leo Famulari <leo@famulari.name> writes:

[...]
> But, the "Stack Clash" issues took us by surprise and we spent a few
> days writing and testing our fixes. We are committed to supporting
> 32-bit platforms where these bugs are apparently easy to exploit.
> Without access to the exploits or detailed discussion, it was very
> difficult to know if our fixes actually worked. So, we could have
> responded more quickly and effectively with early notice.
[...]

Should we bring this discussion to nix devs as well? I am sure they are
facing the same issue of not having early access to vulnerabilities. It
will be insightful to know how they dealt with it in the past and their
opinions on joining the list.