On 28 Sep., 19:47, Jeff Enderwick <[email protected]> wrote: > Why would security announcements be limited to OHA members? Of course, > there are public-disclosure-when-fixed scenarios, but everyone else on > the planet discloses security vulnerabilities publicly so that people > can make their own informed decisions. Jeff, IMHO you're approaching this from a developers point of view. You and I might know where to look for certain information, but you'll never get Joe Average to check the CVE DB to find out about issues. And of course let's not forget that Google itself wrote that vulnerabilites, once fixed, would be listed in a Google Group. And that's my point, they just don't live up to their promise. Were there means for average users to easily stay informed about issues, be it a forum, a blog or something else, then security-aware users could at least apply workarounds for issues until Google / manufacturers / carriers release patches.
-- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
