> You have a valid point: any bug is a security problem. > However, the topic is not my management practices and > the tradeoffs involved therein. The topic is the > efficacy of the security-announce list. If I knew > security-announce was broken I could write a screen-scraper > to check the errata page for me.
The simple assumption that has never failed me is "everything is broken, don't trust it". Cheers, A