* Anthony DeRobertis <asd@suespammers.org> [020119 13:09]: > Can't we satisfy not disclosing the vulnerability and letting > our users know by doing something like this: > > Debian has been informed of a [<<type>>] vulnerability in I only advise that this happens IF and ONLY IF those alerting multiple vendors says it is ok, and IF and ONLY IF it gets put out on widely used channels, in a context not debian specific. (bugtraq, for instance) If we just warn debian users, we do a disservice to other vendors. If we warn without asking, we will never find out in advance from anyone anymore, and our users will be worse off. -- Scott Dier <dieman@ringworld.org> http://www.ringworld.org/ the desire for space travel is a metaphor for escape
Attachment:
pgprEWZJEFOjz.pgp
Description: PGP signature