Re: Bits (Nybbles?) from the Vancouver release team meeting
* Matthew Palmer <firstname.lastname@example.org> [050315 01:48]:
> I think a lot of users would consider it a problem. Imagine, would you be
> happy with a highly visible public announcement of every vulnerability
> against your servers, a week before you got the fix?
Yes, indeed I (and I think most others) are very unhappy with the
opposite: Not beeing told there is a vulnarability when enough people
know it that one has to assume the black-hats know it, too.
Knowing there is a vulnarability one can shut down optional services,
or monitor some services more thoroughly. The script kiddies will have
to wait until they get their scripts and I doubt wait for the
annoucement of the vulnerability.
Bernhard R. Link