Re: Bad press again...
Paul Gear <paul@gear.dyndns.org> writes:
> Alvin Oga wrote:
>>
>> On Sun, 28 Aug 2005, Florian Weimer wrote:
>>
>>
>>>AFAIK, you can only blame the security team for lack of communication.
>>
>>
>> nah ... they're doing fine .. to the extent is needed ??
>>
>> if it's important... they will post dsa ??
>
> There certainly have been exceptions to that rule. The maintainer of
> shorewall has been trying for weeks to get a DSA issued about a
> vulnerability, and it seems we have to convince Joey that it *is* a
> vulnerability before he'll issue it. (I don't understand this - how can
> Joey even *try* to understand every security bug?) Repeated attempts to
> communicate this have been met with silence.
Think about this: How else can he judge the bug is fixed or not?
MfG
Goswin
Reply to: