On 06/12/2012 10:25 AM, Aron Xu wrote: > I'm not expecting to hide anything, but it's harmful to announce the > world by a discussion in debian-devel that we are affected with no > solution provided, at the time related people (means the maintainers > and Security Team, not including the user - like you) haven't said a > word about it. > If Debian was affected (which it seems it is not), you wouldn't be able to keep that secret for more than few minutes. You can be 100% sure that a bunch of hackers would already be playing with your MySQL server. And this, even before you hear about this.
If such a disaster happens, then it's better to know asap, so critical servers can be patched asap too (even before Debian releases or announces anything). The harm would be to believe not posting in debian-devel is changing anything. I agree I should have posted in debian-security@l.d.o though. Thomas p.s: Anyway, it seems we're safe this time, even in SID! :) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4fd6e6ba.8060...@debian.org