Bug#129604: general: Social Contract: We Do Hide Problems
You are misunderstanding two different circumstances.
Security alerts happen in two different ways:
1) The Author/Vendor/Security-Group discovers the vulnerability in a
closed situation. They want the distribution vendors to have a chance
to fix before making the vulnerability known. So they cooperate. This
is good, not only for the distro vendors, but for their users.
2) A vulnerability is discovered because it is being actively exploited
out in the wild. This sort of security issue is handled "as fast as
possible", because there is no cooperation to work things out in
advance, the damage is already being done.
Do not downplay the role of situation "1" as being "closed".
--
.----------=======-=-======-=========-----------=====------------=-=-----.
/ Ben Collins -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'