On Monday 18 August 2008 23:33, Kevin Price wrote: > > But in the future please be more > > careful when making statements about the impact of vulnerabilities. > > Please help me understand how you would have preferred me to report > this, so next time I can do it right.
I'm specifically concerned about this statement of yours: >> Justification: introduces a security hole on systems where you install >> the packages That definately does not hold, but it may give the impression to users that all systems running Postfix are vulnerable, which is very far from reality. I'm not quite concerned about which exact severity level a given bug has, since that's quite abstract, but I am advocating to be careful with factual statements about the impact of the vulnerability as you did above. Thijs
pgpGBvSkyCZVy.pgp
Description: PGP signature
