Thomas Michael Wanka wrote:
On 28 Feb 00, at 9:06, Andre Poenitz wrote:
That's simply not possible. So this approach is not feasible IMHO. Full disclosure is sometimes problematic but works rather well in general. I'd never trust anybody who is saying 'well, I know of a problem of yours, but I won't tell you'.
How about private mail to registered users who signed up to receive this service?
This stuff has been discussed many times. There's just one problem: the list maintainer can't distinguish between well-behaving and bad-behaving subscribers. Or your mailing list can't be used by people with a very good reason to hide their real name and address from others. That's the reason why this policy of publication is used, not only by SuSE but by everybody with security in mind.

If you don't believe me, just take a look at the Bugtraq mailing lists at www.securityfocus.com. Select Forums from the home page and read the FAQ. Read some threads which start with a message from (for example) Simple Nomad or the USSR folks. They always give the supplier / maintainer at least 2 weeks to solve a problem.

Regards,
Fred