On Wed, 2003-12-03 at 02:08, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, Dec 02, 2003 at 06:17:44PM -0500, Paul Morgan wrote:
> > It would be a lot less stable and secure if debian started
> > publishing exploits. The announcement explains quite clearly what
> > happened and how to protect your system.
>
> Why does BugTraq do it? Because it forces quick action.
>
> Granted, this isn't a problem for a self-motivated project like
> Debian. However, Debian is looked up to quite a bit in the software
> community, so shouldn't Debian be setting the example here?

BugTraq does delay disclosure under threat from DMCA for proprietary systems (Microsoft seems to stand out here); there have even been comments from them on it.

So get a life Paul... a small delay is better than adding exposure to many systems that have diligent people trying to keep up with those exploits. No, I am not talking about those that haven't patched RedHat 6.2 since the original install from the CD. I am talking about people like me, that take a couple of days to schedule a critical system reboot (when it is a kernel issue like this one)... we can't just flip the switch... we could (will) be sued or back-billed for down-time on some of these systems.

Think in real-life terms, not personal preferences. Sure, I'd like to know, but right this second maybe not.

--
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry