We have early access to Android Security Bulletin patches and will be able to set up a workflow where we can have releases already built and tested prior to the embargo ending. For now, we've still been doing the builds after the embargo ends. It will mainly help when they screw up pushing to AOSP.
I made a guess at their official reasoning for the policy. I made no comment about my own feelings or beliefs beyond that. And no, I don’t think that would stop anyone.
Do you have a better guess at why they’re doing this? Because I can’t think of another reason why they’d be sharing the patches but prohibiting disclosure of them.
Isn’t that common to not release how a vulnerability can be exploited publicly until you have it patched? Like yeah it won’t stop bad actors familiar with the space, but it would prevent normies like me jumping on the train.
Are you being /s? Genuinely, do you really feel just because vulnerabilities aren’t publicly exposed they can’t be exploited?
I made a guess at their official reasoning for the policy. I made no comment about my own feelings or beliefs beyond that. And no, I don’t think that would stop anyone.
Do you have a better guess at why they’re doing this? Because I can’t think of another reason why they’d be sharing the patches but prohibiting disclosure of them.
Isn’t that common to not release how a vulnerability can be exploited publicly until you have it patched? Like yeah it won’t stop bad actors familiar with the space, but it would prevent normies like me jumping on the train.