Bug#129604: a possible third way: guaranteed openness, but only in x days?
Let's say we can find some trustworthy system, or some trusted third party
to do the following.
Once a security exploit is found, estimate the time needed to fix and send
it through this system that will deliver the security warning guaranteed
after the estimated fix period.
I'm sure the idea of a confrontation with an overly conservative fix time
estimate -afterwards- will keep this silence time short.
Oh well, just an idea. Probably been discussed about before a lot...