Here's the way I see about new bugs, they've been there for who knows how long, maybe since the beginning or since the last update/patch. That means it could have been days, weeks or years that this bug has been there, why does it matter if you don't know for a few more days, it's not like they find it and all the sudden ALL the crackers know about it. So what if you don't know for a few more days, it gives the author time to fix the bug, and then post the new version/patch, so then inform you and all the crackers that the bug exists. What if there is no workaround other than to take down the entire box until the fix is available, then what, you're SOL? I'd rather not know about it for a few days, have an update available, then be informed so I know that it wasn't public knowledge so others could exploit me.
"He who fights with monsters should look to it that he himself does not become a monster...when you gaze long into the abyss the abyss also gazes into you." -Friedrich Nietzsche
"Push and you will find resistance, lead and you will find followers" - Unknown Author
----- Original Message ----- From: "Petri Sirkkala." firstname.lastname@example.org To: "SuSE Security" email@example.com Sent: Monday, February 28, 2000 6:33 AM Subject: Re: [suse-security] SuSE Security Announcement - make-3.77
On Mon, 28 Feb 2000, Fred Mobach wrote:
Thomas Michael Wanka wrote:
On 28 Feb 00, at 9:06, Andre Poenitz wrote:
That's simply not possible. So this approach is not feasible IMHO. Full disclosure is sometimes problematic but works rather well in general. I'd never trust anybody who is saying 'well, I know of a problem of yours, but I won't tell you'.
This is not the discussion I subscribe to this list for. Stop now or I ignore you for time being. -Pete
To unsubscribe, e-mail: firstname.lastname@example.org For additional commands, e-mail: email@example.com