On Mon, Aug 29, 2005 at 07:40:23AM +1000, Paul Gear wrote:
There certainly have been exceptions to that rule. The maintainer of shorewall has been trying for weeks to get a DSA issued about a vulnerability, and it seems we have to convince Joey that it *is* a vulnerability before he'll issue it. (I don't understand this - how can Joey even *try* to understand every security bug?) Repeated attempts to communicate this have been met with silence.
I disagree that convincing the security team of the severity of a bug is unreasonable. I also disagree with the characterization that much effort has been put into describing the bug. Mike Stone