Fwd: When will this security bug been fixed?
Any know about this? Thanks Original Message Subject:When will this security bug been fixed? Date: Thu, 21 Jan 2010 16:16:15 +0800 From: Brian Lu brian...@sun.com To: support@pidgin.im Hi, All, I found there is a security bug against pidgin. see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0277 I want to know when the bug will get fixed? Is there a bug to track this issue? Thanks Brian ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: When will this security bug been fixed?
Brian Lu wrote: Any know about this? Please see http://developer.pidgin.im/wiki/SecurityVulnerabilityProcess This security issues seems to have been made public in violation of the reporting guidelines. That often happens for self promotion reasons. 2.6.4 is too recent for anyone to justify release on the basis that the developers were being unreasonably slow. As you can see from that link you will not get any useful response until patches have been issued to packagers, and they have been given a chance to create fixed ones. Please note that I am not on the security mailing list, so I have no access to privileged information on this subject. Note to the authors of the guidelines; We take seriously are discredited words in stock replies. You really need to back them up by real statistics on time to fix. Every marketing department uses this sort of form of words, often when the reality of the organisation is very different, although I believe that Pidgin developers really will treat problems seriously. -- David Woolley Emails are not formal business letters, whatever businesses may want. RFC1855 says there should be an address here, but, in a world of spam, that is no longer good advice, as archive address hiding may not work. ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: When will this security bug been fixed?
David Woolley spake unto us the following wisdom: Note to the authors of the guidelines; We take seriously are discredited words in stock replies. You really need to back them up by real statistics on time to fix. Every marketing department uses this sort of form of words, often when the reality of the organisation is very different, although I believe that Pidgin developers really will treat problems seriously. We take your comment very seriously. Please provide real statistics on public perception of this phrase. Ethan -- The laws that forbid the carrying of arms are laws [that have no remedy for evils]. They disarm only those who are neither inclined nor determined to commit crimes. -- Cesare Beccaria, On Crimes and Punishments, 1764 signature.asc Description: Digital signature ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support