On Fri, 3 Mar 2000, Francisco M. Marzoa Alonso wrote:
[...]
Ok, enough is enough, perhaps Jussi shouldn't wonder about what cognition (i prefer real names too but...), does with his time, but fuck you it's never a constructive answer for nothing.
A discussion with someone who has already written you off because of your name is also rarely constructive. The only way that there is maybe scope to be constructive is to aid in the abolition of the predudice.
*JUST MY* opinnion:
If you're able to release a good patch (or a workaround at least), for your reciently discovered security bug, then you should publish it, if not, *I* think that's better ask anyone who can release it before publishing the information, there's a lot of badhands out there awaiting for that kind of data.
I like the idea previously suggested; Have a two stage advisory release, where the first advisory warns about the presence of the problem, what it affects and it's severity, released as soon as the problem is discovered, and then the next one is released when the patch is avaliable, and contains full details about the problem, exploit, patch, etc.
That's it. No need more lines saying dirty things about the mother of no one... :)
Have a good one everybody.
Will do, thanks. /cog