
Re: What's going on with advisory for phpmyadmin?



On Fri, Oct 28, 2005 at 04:26:43PM +0100, Steve Kemp wrote:
> On Fri, Oct 28, 2005 at 10:16:03AM -0500, John Goerzen wrote:
> > On Fri, Oct 28, 2005 at 04:42:31PM +0200, Piotr Roszatycki wrote:
> > > Why was my report ignored? I reported the problem 3 days ago and I have had no
> > > reply.
> > 
> > This seems to be a very frequent problem going on for a while now.
> > 
> > Could someone from the security team comment on what the problem is?
> 
>   The problem is that we receive a lot of reports, each of which may
>  involve a significant amount of time to attend to.
> 
>   New entries are pushed onto the stack almost daily.  Whilst some
>  are simple and can be dealt with easily, some are more complex and
>  obviously we cannot disclose them publicly.
> 
>   If it is useful I could begin sending out a form response, something
>  like "Yes we received your report, yes we will fix it, please have
>  patience".
> 
>   However a useful response such as "Yes we've got your package report
>  and we'll update an advisory after we've done openssh, mozilla, the
>  kernel." is not going to happen.  Even estimating an advisory date
>  is going to be non-trivial.

I think some sort of confirmation would be invaluable.

-- 
Horms


