janI wrote on Tue, Mar 05, 2013 at 09:08:33 +0100: > On 5 March 2013 08:46, Andrea Pescetti <pesce...@apache.org> wrote: > > > Daniel Shahaf wrote: > > > >> if somebody replies to your post and says "Hey, > >> false negative", you really want_that_ to happen privately. > >> > > > > That was my concern too. Jan is perfectly right that he merely forwarded a > > public security announcements, and that there is absolutely nothing wrong > > in this in itself, but it's better to avoid the (admittedly remote, in this > > case) possibility that someone exposes a security risk while commenting. > > Take this as a generic practice; we had similar discussions about > > vulnerabilities found in libraries, for example; and the common advice is > > not to discuss security-related practices in public. > > > > I did not take it personally, but I do not understand how we can discuss an > issue on a mailing list where most of the people needed for the discussion > do not have access. Please remember my purpose, we need 2-3 volunteers to > test the update.
I am expecting you to discuss security issues privately and recruit volunteers publicly. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
