Hello everyone, it’s the first time I discovered a vulnerability (encountered accidentally) so I would like to make sure that I react properly. I’m not an expert but I could easily say that’s a major vulnerability, it’s concern a linux distribution which needs a physical access to the machine. I already contacted the security team (that doesn’t offer a bug bounty) who replied to me “Thank you for passing this on, really appreciate it. I’ll get it in front of the right team for further investigation…”. My question is after they patched the vulnerability, could I post the vulnerability? on reddit? Or do I need to ask them first? Thank you in advance for your advice.