[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits (Nybbles?) from the Vancouver release team meeting

* Matthew Palmer <mpalmer@debian.org> [050315 01:48]:
> I think a lot of users would consider it a problem.  Imagine, would you be
> happy with a highly visible public announcement of every vulnerability
> against your servers, a week before you got the fix?

Yes, indeed I (and I think most others) are very unhappy with the
opposite: Not beeing told there is a vulnarability when enough people
know it that one has to assume the black-hats know it, too.

Knowing there is a vulnarability one can shut down optional services,
or monitor some services more thoroughly. The script kiddies will have
to wait until they get their scripts and I doubt wait for the
annoucement of the vulnerability.

Hochachtungsvoll,
  Bernhard R. Link
Reply to: