[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The New Security Build Infrastructure

> > I'd rather see a fix before the whole wide world notices that my
> > servers can be compromised. Like if I leave my door wide open, and
> > notice it at the way toward the office, I'd first phone the
> > neighbours, and not tell everyone who happens to come by.
> > 
> Not quite the right metaphor.


> Public announcement of security problems: Anyone's allowed to tell you
> your door is open.  It's up to you whether you close it straight away,
> or wait for someone to tell you how to close it.

This is not public announcement. This is announcement to ME, a "closed
list". Anyone can find the vulnerability, and notify the vendors and
upstream, the ones who have the ability to fix it. However, would they
announce it publicly, I'd get robbed straight away, before I get a
chance to rush home or phone the neighbours.

Attachment: pgp8cq7ZTWk_j.pgp
Description: PGP signature

Reply to: