Florian Weimer wrote:
> * Paul Gear:
>
>>I don't know upon what you're basing your characterization, but I'm
>>party to at least 3 emails to Joey describing the nature of the bug
>>in sufficient detail to understand it as a security flaw.
>
> Was this pre- or post-disclosure?

There was no pre-disclosure. A bug was reported - the reporter didn't even realise it was a security flaw, but Tom Eastep, the author, did. He released a patch and an announcement within a few hours, then we got to packaging new versions.

> In the latter case, such discussion
> should be Cc:ed to the bug report, IMHO.

Is that a policy issue, common convention, or just a suggestion?

--
Paul
<http://paulgear.webhop.net>
--
Did you know? Using Microsoft Internet Explorer can make your computer less secure. Find out more at <http://browsehappy.com>.