Hi Colin, * Colin Leroy <[EMAIL PROTECTED]> [2007-12-05 14:57]: > On Wed, 5 Dec 2007 14:35:03 +0100, Nico Golde wrote: > > And to be honest, I am not going to contact any of you guys if I find > > some bug again, simple because you showed that you are not able to > > handle this just because of some bad press. > > Dude, it's not about bad press. It's about following procedures.
Following whos procedures? > Anyway, do me a favour, leave security bugs to the people who do it > correctly. Do me a favour and leave security bugs to the people actually doing security work in this distribution. Thanks. > All of the previous vulns have been much better handled: > http://secunia.com/advisories/10061/ > http://secunia.com/advisories/14774/ > http://secunia.com/advisories/26550/ > http://secunia.com/advisories/20476/ Oh wait, you are comparing a low impact bug in a contrib script with those bugs? You must be kidding or at least you seem to have no clue about the impact of security bugs. > We report the ones we find. What in this process makes you think we're > bothered about bad press? " I know Colin's words were probably not in the best tone, but his request is fair: nobody likes reading "There was no vendor-supplied solution at the time of entry." in a security tracker when he had no opportunity to solve the problem." What else should this tell me? If you are really just pissed of because you had no opportunity to fix this before it was on security sites: ok, I don't care, hate me for this, thanks for the discussion. Anyway, I am not going to answer any mail regarding this issue from now on since I see it as a plain waste of time. Stop whining and do something useful with yours as well. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpyq0f98GPhT.pgp
Description: PGP signature
