Hi,
installation? I believe that the fact security problems could be with held from the public for upto a month, because it "seems fair" to the vendor is relevent to all those on this list.
(in SuSE's case) Nonsense! We write a fix right after the bug was dicovered. We send the fix plus bug description to other vendors. And gernerally we wait 3-5 days before releasing the advisory. I think this time is fair for everyone, the users/admins, the programmers and the vendors.
What I am planning on doing is talking to a few other people (I've not seen any SuSE representative post on this topic, but would be interested if they could contact me off list), and as soon as I have the chance
??? If you want to discuss something, contact us... Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47