
Bug#129604: general: Social Contract: We Do Hide Problems



You are misunderstanding two different circumstances.

Security alerts happen in two different ways:

1) The Author/Vendor/Security-Group discovers the vulnerability in a
   closed situation. They want the distribution vendors to have a chance
   to fix before making the vulnerability known. So they cooperate. This
   is good, not only for the distro vendors, but for their users.


2) A vulnerability is discovered because it is being actively exploited
   out in the wild. This sort of security issue is handled "as fast as
   possible", because there is no cooperation to work things out in
   advance, the damage is already being done.


Do not downplay the role of situation "1" as being "closed".

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'


