On Tue, 7 Mar 2000, Christoph Wegener wrote:
Hi, perhaps you should STOP this discussion now?!?
***This is a SECURITY mailing-list!***
Exactly. This is a discussion that is VERY relevent to security. Presumably you're on this list to be informed of security problems/fixes with your SuSE installation? I believe that the fact security problems could be with held from the public for upto a month, because it "seems fair" to the vendor is relevent to all those on this list. And to those people bashing SuSE, it isn't just them, I'm not sure to what extent they do so, but I've spoken to a few people who post announcements to BugTraq, and it appears that it is standard practice to leave the user vunerable while the vendor is contacted. I also think that this discussion is getting a bit stale. It seems that no new ground is being covered. What I am planning on doing is talking to a few other people (I've not seen any SuSE representative post on this topic, but would be interested if they could contact me off list), and as soon as I have the chance writting up an article with my conclusions about what currently happens and what changes (if any) I feel should be made. Are there any objections if I take some quotes from posts here? Thanks, /cog