> You haven't earned the trust of the people in charge. > > The current security team members have earned the trust of the people in > charge. > > No contradictions there.
Why do they need to trust me? Because the information is dangerous. By admitting that the information is dangerous, they are admitting that having + holding the information is dangerous (even for them!!!). By holding onto the information, they are putting us all in danger. Thus, contradiction. Full Disclosure levels the playing field. It gives a slight advantage to script kiddies, yes... ...but it gives us a [different] much larger advantage: Knowledge. "Knowledge" is useful for shutting down to thwart ongoing zero day attacks... and also the mere availability of the knowledge prevents entirely the analyst leakage (or anal. leakage for short :-P) scenario I've described countless times. d3fault Other: The public disclosure increases the incentive for a fix to be researched/discovered/published/audited(more eyes = less bugs), but this argument is weak so I probably shouldn't even have mentioned it. not to mention: the people in the security team are the people in charge -_-. flawed logic is flawed. You're like the priests in the early days hiding information (the ability to read and write) and trying to convince us it's for our own good. Time will tell who is right. su time; echo "d3fault is right"; exit; _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development