On Fri, Oct 28, 2005 at 04:26:43PM +0100, Steve Kemp wrote: > On Fri, Oct 28, 2005 at 10:16:03AM -0500, John Goerzen wrote: > > On Fri, Oct 28, 2005 at 04:42:31PM +0200, Piotr Roszatycki wrote: > > > Why my report was ignored? I've reported the problem 3 days ago and I had > > > no > > > reply. > > > > This seems to be a very frequent problem going on for awhile now. > > > > Could someone from the security team comment on what the problem is? > > The problem is that we receive a lot of reports, each of which may > involve a significant amount of time to attend to. > > New entries are pushed onto the stack almost daily. Whilst some > are simple and can be dealt with easily some are more complex and > obviously we cannot disclose them publically. > > If it is useful I could begin sending out a form response, something > like "Yes we recieved your report, yes we will fix it, please have > patience". > > However a useful response such as "Yes we've got your package report > and we'll update an advisory after we've done openssh, mozilla, the > kernel." is not going to happen. Even estimating an advisory date > is going to be non-trivial.
I think some sort of confirmation would be invaluable. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
