Re: Is Debian affected by the recent MySQL sql/password.c flow?

On 06/12/2012 02:23 AM, Aron Xu wrote:
> I'm not saying you are disclosing anything, but you are asking if
> someone knows it's in what status publicly in a Debian development
> mailing list. Then this may lead to some disclosing and even mislead
> some other people. Yes there are many people doing tests just like
> you, and they are reporting their results in many ways they prefer.
> But as you are a DD you'd better not ignore our Security Team when
> starting discussion publicly about a security incident you are not
> sure whether it's relevant to Debian. People at Security Team are not
> only responsible for fixing things when it breaks out, but also make
> sure sensitive information is being disclosed in a correct form at a
> correct time. In the end, I believe talking with them beforehand is
> always a right way to do, no matter if Debian is affected by this
> particular issue.

The first time I wrote it, it wasn't clear enough. Maybe writing with
CAPS-ON will help your understanding! :)

IT HAS ALREADY BEEN MADE PUBLIC (for example: on slashdot) !!!

Do you get it now? :)

With such a security "glitch", how much do you expect from keeping
such a discussion secret, with the security team? I'm telling you,
you'd achieve absolutely nothing. Everyone will know so fast that
it doesn't matter at all. And it's better that everyone in Debian knows
about what's going on, so we have at least a little bit of opportunity
to fix what can be before disasters.


