On Saturday 21 February 2004 01.10, Matt Zimmerman wrote:
> On Fri, Feb 20, 2004 at 02:34:37PM +0100, Adrian von Bidder wrote:
> > I think this is the time where I'd like to see some hard data. Which
> > DSA's would possibly have been released differently if such a
> > reorganisation would have been in place?
>
> Absolutely none. The proposed "reorganization" was basically to create a
> new security team out of thin air, not tell them about anything, and expect
> bugfixes sooner. It was nonsense.
>
> > [misinformation about CERT deleted]
Sorry for that - replace CERT by $GROUP_OF_VENDORS in all places. I was under
the impression CERT did the coordinating. I should do the research, I know...
> Those last two cases are equivalent. Think about it.
>
> The former is "entity publishes information". The latter is "entity
> discloses information to a 'select' group of people which then turns around
> and publishes it".
Yes, that's the only difference.
> Why would anyone do that instead of publishing the
> information themselves? If they wanted it to be widely known, they would
> make it so.
People do things for the strangest of reasons...
I just thought that this would be the only scenario where I could think that a
split security team could possibly act differently than the current security
team.
And it's only *could* act differently - so we have a very unlikely scenario,
so this shows that the proposal to split the security team (or create a 2nd
team, whatever) is really stupid.
cheers
-- vbi
--
Available for key signing in Zürich and Basel, Switzerland
(what's this? Look at http://fortytwo.ch/gpg/intro)
Attachment:
pgpFJwZL8XmMB.pgp
Description: signature