janI wrote on Tue, Mar 05, 2013 at 09:08:33 +0100:
> On 5 March 2013 08:46, Andrea Pescetti <pesce...@apache.org> wrote:
> 
> > Daniel Shahaf wrote:
> >
> >> if somebody replies to your post and says "Hey,
> >> false negative", you really want_that_  to happen privately.
> >>
> >
> > That was my concern too. Jan is perfectly right that he merely forwarded a
> > public security announcements, and that there is absolutely nothing wrong
> > in this in itself, but it's better to avoid the (admittedly remote, in this
> > case) possibility that someone exposes a security risk while commenting.
> > Take this as a generic practice; we had similar discussions about
> > vulnerabilities found in libraries, for example; and the common advice is
> > not to discuss security-related practices in public.
> >
> 
> I did not take it personally, but I do not understand how we can discuss an
> issue on a mailing list where most of the people needed for the discussion
> do not have access. Please remember my purpose, we need 2-3 volunteers to
> test the update.

I am expecting you to discuss security issues privately and recruit
volunteers publicly.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to