> On Tue, 28 Oct 2003 22:45, Rolf Pedersen wrote: >> Perhaps, at least in the current economic environment, it >> would be unwise to commit further, limited resources in the >> uncompensated service of those who merely "just don't want to pay for >> software and (...) don't want to steal it either." > > I understand your point, but that's not Scott's issue. > > Scott's issue is that he _is_ a fully subscribed Club member and is on > the appropriate announce lists
MandrakeClub was the place this issue was first brought to light (in the MandrakeClub forum), about 19 October. I reported it on the maintainers list when I saw two different reports. IIRC that was 20 Oct. Since the only people who officially have access to the ISOs up to now are in MandrakeClub, this is the logical place to look. I also don't think it would have been responsible for the immediate action to be a story on MandrakeClub's front page without at least some verification/investigation, and that occured on Oct 20 and 21 on the maintainers list, whereafter it moved to cooker. 3 days after the 2nd report on MandrakeClub (IIRC) there was a note on the errata page (which really should be the place *everyone* looks before installing - and BTW we actually discussed that on maintainers before the LG issue and hopefully in future users will be urged to read the errata by the splash screen or similar). Just over a week after the 2nd report on MandrakeClub and we have kernels and full advisories out. I believe a lot of the threads about the LG drives were CC'ed to the expert list? I really don't think it could have been handled any better with current resources. > but still found out about LG's faux pas > first from other sources. Yes, I do find it strange LG didn't notify their customers who all paid hard cash for their hardware of this vulnerability in their hardware earlier, and urge them to do a firmware update. I wonder how long it will before (now that this vulnerability is more public) until there is a Windows worm which sends FLUSH_CACHE to LG cd-rom drives ... Regards, Buchan
