Daniel Veditz wrote:
> Let's forget about the AOL-burdened past. I--and the Mozilla Foundation, I'm sure--want us to do the right thing now.

Yes, I hoped so. That's exactly the reason why I posted this.

> Can we start over and give the existing policy (as written, not as executed) a try for a milestone or two?

I don't see how it would work without a targeted procedure, but if you
think it's going to work with just the current policy and informal
execution, sure. As long as the results are good, fine with me. Most
important results for me are: (only for "critical" security bugs)
* A warning to users about bugs within at most one day after they
are reported (even if the reproduction and details are kept
secret), with a workaround (if possible), so that people know the
threats they are facing and can protect themselves as early as
possible
* Quick distribution of available patches to users
* Reasonably soon fixing of bugs
_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security