As a third-party user: I completely concur. NDAs for security bug
access are pretty much standard, aren't they?


- d.



On 26 June 2014 15:08, Tyler Romeo <tylerro...@gmail.com> wrote:

> I’ll be frank. I care a lot more about the security of MediaWiki as a 
> software product,
> as well as the security of its customers (both WMF and third-party) than I do 
> about
> some made-up notion of “open access” to security bugs.
> I think it makes complete sense to have people with access to security bugs 
> sign an
> agreement saying they will not release said bugs to the public until they 
> have been
> fixed, released, and announced properly.

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Reply via email to