Balls were definitely dropped. My understanding of the Lazy FPU event is that (a) someone at Intel asked if OpenBSD signed NDAs and was told no, then shrugged their shoulders and didn't pursue it any further; and (b) someone at OpenBSD tried to get in touch with Intel, but didn't talk to the right people (Intel is very siloed), and didn't get anywhere.
I've witnessed conversations since then between Intel people and FreeBSD people basically consisting of FreeBSD people saying "you guys really need to include OpenBSD" and Intel people saying "yeah... can you help get us connected with the right people?" so I don't think it's fair to suggest that OpenBSD is being purposely excluded.
Is OpenBSD supposed to comply with secret terms
I think that OpenBSD should follow the norms of the security community, i.e., contacting other operating system vendors and coordinating disclosures -- regardless of how they come across a vulnerability.
So that one day they might get invited to the cool kids secret club?
Not breaking embargoes doesn't seem to have done that for them yet.
Instead we get people like you FUDing about how they are unable to keep secrets and are justifiably being blocked from information.
I'd rather they look out for me, a user, than get the worst of both worlds, just because one day it might pay off.
These kinds of memes last literally forever. In 10 years they will still be talking about how OpenBSD "broke" the KRACK embargo, and we shouldn't tell them anything.
> Is OpenBSD supposed to comply with secret terms that they are purposely not made aware of, nor have agreed to?
You discovered the secret, but recognize that embargoes still have value even if you weren't part of it. Be the better project, show magnanimity, and don't place end users of other projects at undue risk.
> That's a pretty unfair standard don't you think?
I agree that 12 month embargoes are stupid. I know that there are people, including FreeBSD people, who have been vigorously encouraging Intel to be more reasonable about how such issues are handled.
I played a small role in that after Theo announced the Lazy FPU issue, by writing exploit code and telling Intel (via the FreeBSD people in the embargo) "shorten the embargo or else".
Given how much Intel likes to throw their weight around wrt embargo terms well past the point of being unreasonable, maybe it's a good thing that someone holds a gun to their head every once in a while.
If you want to lead the market in mission-critical products, there's a certain amount of responsibility that you have to your customers, and more than once Intel has lost sight of that.
Who exactly wasn't willing to work with who here?
Is OpenBSD supposed to comply with secret terms that they are purposely not made aware of, nor have agreed to?
That's a pretty unfair standard don't you think?