From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id CAA4A1F9FC for ; Fri, 19 Mar 2021 13:55:22 +0000 (UTC) Received: by mail-ed1-x535.google.com with SMTP id e7so10827289edu.10 for ; Fri, 19 Mar 2021 06:55:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=f7DlBs7yTNiKXCT5s+9fVEyww4ZgeqE3OVwHwLbv9fU=; b=CUWV5fVHCaCHxeLfVZPog3Up34w3JESPIUSuaCo7H0/CVSGT3JAYDNRXOfg4zNbAwj Hhk+aP7yqjmN+M4vRBpIjA/o/B2xw+/r9xV659klBcFDp8qvmdFBqmb3pH56g6nfd5fi LM5YFS3oUfQ+YNrtWZIKaBjHkOx2l0PU4AqJ31HcYdJrAUO9IbOv/WGuoWJBlQlc5GQe XcRQqCq5H7qUmM0vm8c7/+UubLPfrz3FSTt7asqsjAcGLGZ3FvgSgFEpnTjlgttu4DtI mIlnBXyOFcUfo3wPRFTKbJ2mEFwUUmXy+bLR78kwS+ut/ag/YkED74fQ6QIgBTxvNWty 6hgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=f7DlBs7yTNiKXCT5s+9fVEyww4ZgeqE3OVwHwLbv9fU=; b=sal00kp7A6iKSDWikWoyJ4HJ/0MAZMNnxZCUQG/+D6wyvvA6EmuZrcrSK1a5WDYbTx VfC8wzBmKor/mGXfSiGdqIRdLPB0hy2It8oboADy4Nnl27oNWt+MIu8ZKIie1e5RALlO s3pl+LhpmC8ZrEQffO82KvyGsyBGxAynEiCvwMMrzyqk1aLia/k/t27894FbySvWDYtf tlgG5eZo6WKJhaxbHWucsLrs+epuqGzBv2Qh5/1oZ9QBQ8V5qmxV+hQscXvyq2SgVtNi cHY+q5inyS+oOx77PDJhYScGiY6sqcbowPoKs/ES/NSV7/STQRvVejrUkPNab7b2qxQl 2dUQ== X-Gm-Message-State: AOAM531KdXu14uCl7XRGyl0s2uqTRvs+DkWIdwTHjshddBKxPqFN0YVC 3MK5DZwZIx26WEd9RFWJI5BVyw== X-Google-Smtp-Source: ABdhPJxKEQJZLd3jJLK2JNezVLJrqOdQowLXaYBtuxFOSW0LbiUhadNsYOQdEeHBFTeBX1T8as2Aqg== X-Received: by 2002:a05:6402:4407:: with SMTP id y7mr9721805eda.247.1616162121132; Fri, 19 Mar 2021 06:55:21 -0700 (PDT) Received: from dbussink.archimedes.bussink.me (178-85-12-131.dynamic.upc.nl. [178.85.12.131]) by smtp.gmail.com with ESMTPSA id r10sm3714679eju.66.2021.03.19.06.55.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Mar 2021 06:55:20 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: Re: Potential Unicorn vulnerability From: Dirkjan Bussink In-Reply-To: <20210317084707.GA27536@dcvr> Date: Fri, 19 Mar 2021 14:55:20 +0100 Cc: John Crepezzi , Kevin Sawicki , unicorn-public@yhbt.net Content-Transfer-Encoding: quoted-printable Message-Id: <4A8AD1DE-1600-4115-87B4-6FFFD3B62C67@github.com> References: <20210311030250.GA1266@dcvr> <7F6FD017-7802-4871-88A3-1E03D26D967C@github.com> <20210312094129.GA14538@dcvr> <382B893C-A07C-4705-950E-6D1CA766D998@github.com> <20210312120007.GA24539@dcvr> <66A68DD8-83EF-4C7A-80E8-3F1F7AB31670@github.com> <20210313022615.GA32198@dcvr> <20210316103135.GA1173@dcvr> <6A5FDE1A-EAE5-4480-8F89-3F21B261DAAE@github.com> <20210317084707.GA27536@dcvr> To: Eric Wong X-Mailer: Apple Mail (2.3608.120.23.2.4) List-Id: Hi Eric. > On 17 Mar 2021, at 09:47, Eric Wong wrote: >=20 > Sure, I don't see why not. Though (as you might've figured) I'm > not a fan of marketing or putting a positive spin on things at all. > I can't dictate what others say, but I'm learning to get worse at > marketing over time :> FYI, we posted the results of our investigation at = https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare-race-conditio= n-in-our-session-handling/. We tried to stay factual there but I can=E2=80=99t judge of course how anyone reads it. Cheers, Dirkjan