Jason Faulkner wrote:
We (I) were set to do that yesterday, then was informed by Martin
Hollmichel that the patch needed still to go through final QA. It will
be ready tomorrow, and we'll do the full honors--announce, homepage,
etc.
Hrm.
From a marketing point of view, wouldn't it have been better to beat
the press to the punch? I mean, instead of having a news agency post
that there's a vulnerability, if we had released a press release, we
could have said "Yes, there's a small, user-interativity required
vulnerability, but a patch is in final QA and is going to be released
any time now".
Isn't part of marketing making sure there's a positive spin // spin control?
It would be better if the agency had stuck to the convention that you
don't give publicity to vulnerabilities until the maintainer has had a
chance to issue a patch.
Do we know when the vulnerability was logged with us?
John
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
