Stiphane Chausson <[EMAIL PROTECTED]> writes:

> "Report states that OpenBSD developers played down critical vulnerability"

Report states that you can either choose spam about every single crash in the system fixed which would lead to a couple of "security advisory" spam every week if we were serious about it or just be hypocrites like every other vendor and keep silent about stuff that we find internally and make "security" announcement spam every time someone external reports a bug.

The current practice is to not get worked up over things unless it's obviously exploitable or someone presents an exploit.

The security researchers have the luxury of spending a couple of weeks on each bug. If we'd spend a few weeks just to find out if a bug is exploitable or not you'd get a release every ten years.

The bug was of the size that if a real kernel hacker happens to spot it, he spends 5 minutes fixing it and mailing out a diff to a few people for eyeballing and then moves on doing other productive things.

//art

> http://www.heise-security.co.uk/news/86757
>
> Lars Hansson wrote:
> > On Fri, 16 Mar 2007 10:08:02 +0100
> > Karel Kulhavy <[EMAIL PROTECTED]> wrote:
> >
> >> http://www.heise.de/security/news/meldung/86730
> > And for the majority of the world's population that doesn't speak
> > German this says exactly what?

