As a third-party user: I completely concur. NDAs for security bug access are pretty much standard, aren't they?
- d. On 26 June 2014 15:08, Tyler Romeo <tylerro...@gmail.com> wrote: > I’ll be frank. I care a lot more about the security of MediaWiki as a > software product, > as well as the security of its customers (both WMF and third-party) than I do > about > some made-up notion of “open access” to security bugs. > I think it makes complete sense to have people with access to security bugs > sign an > agreement saying they will not release said bugs to the public until they > have been > fixed, released, and announced properly. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l