Re: Is Debian affected by the recent MySQL sql/password.c flow?
On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
> sure whether it's relevant to Debian. People at Security Team are not
> only responsible for fixing things when it breaks out, but also make
> sure sensitive information is being disclosed in a correct form at a
> correct time. In the end, I believe talking with them beforehand is
> always a right way to do, no matter if Debian is affected by this
> particular issue.
Coordinated disclosure is irresponsible, and we shouldn't do it.