Mailinglist Archive: opensuse-security (240 mails)
| < Previous | Next > |
Re: [suse-security] SuSE Security Announcement - make-3.77
- From: Avi Schwartz <avi@xxxxxxxxxxxxxxxxxxx>
- Date: Sun, 27 Feb 2000 13:05:53 -0600
- Message-id: <38B97591.7BF2C9C9@xxxxxxxxxxxxxxxxxxx>
Actually it makes a whole lot of sense and it is a common practice.
Since the bug was *unknown*, it made sense to delay the announcement and
give other vendors a chance to fix the bug. Had the announcement gone
out immediately it would have given crackers a chance to exploit the
bug.
Avi
Yasholomew Yashinski wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 14 Feb 2000, Thomas Biege wrote:
>
> > The reason is simple:
> > The bug wasn't known to the public and only the vendors got
> > notified by me right after I found it. To give other linux
> > ditributors the time to fix their stuff I wait some days
> > before releasing our announcement.
> >
> > Hope that explains everything.
>
> The respect of your competition is more important then the security of
> your users?
--
Avi Schwartz Get a Life
avi@xxxxxxxxxxxxxxxxxxx Get Linux
Since the bug was *unknown*, it made sense to delay the announcement and
give other vendors a chance to fix the bug. Had the announcement gone
out immediately it would have given crackers a chance to exploit the
bug.
Avi
Yasholomew Yashinski wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 14 Feb 2000, Thomas Biege wrote:
>
> > The reason is simple:
> > The bug wasn't known to the public and only the vendors got
> > notified by me right after I found it. To give other linux
> > ditributors the time to fix their stuff I wait some days
> > before releasing our announcement.
> >
> > Hope that explains everything.
>
> The respect of your competition is more important then the security of
> your users?
--
Avi Schwartz Get a Life
avi@xxxxxxxxxxxxxxxxxxx Get Linux
| < Previous | Next > |