On Sat, Jun 26, 2004 at 02:39:02PM +0200, martin f krafft wrote: > anything from its users. If a root exploit is out there, users want > to know about it. Keeping it a secret is childish.
what would be the alternative? The security team would have to annonce "there's a possible security flaw in package XY, we're on it, but it may take some more days to fix it" What's the worth of such announcements? Users (You'd) know about a bug, but still could not do anything about it. After all, I'd strongly object to my web-host/ISP/Sys-Admin/... switching off apache/php/ssh/name-whatever-tool-you-really-need because they have heard of an yet unfixed security-problem. > > So what is the official procedure of the security team? I guess it's "work as hard ass posible to fix it as soon as possible and then release a fix on d.s.o". good night Horst. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]