Actually it makes a whole lot of sense and it is a common practice. Since the bug was *unknown*, it made sense to delay the announcement and give other vendors a chance to fix the bug. Had the announcement gone out immediately it would have given crackers a chance to exploit the bug.
Avi Yasholomew Yashinski wrote:
On Mon, 14 Feb 2000, Thomas Biege wrote:
The reason is simple: The bug wasn't known to the public and only the vendors got notified by me right after I found it. To give other Linux distributors the time to fix their stuff I wait some days before releasing our announcement.
Hope that explains everything.
The respect of your competition is more important than the security of your users?
-- Avi Schwartz Get a Life avi@CFFtechnologies.com Get Linux