On Fri, Feb 20, 2004 at 02:34:37PM +0100, Adrian von Bidder wrote:
In other cases, that entity discloses informatin only to a select few parties, amongst them the non-CERT Debian security team. This is the one case where that scheme does make a difference. Has this ever happened in the past?
This has nothing to do with CERT, that's a red herring. There is *no* case where this reorganization would make a difference because a security problem that is public (e.g., reported independently by someone outside the original disclosure chain) will be immediately published regardless of whatever the original reporter's plans were. Mike Stone