Moved the top post down.

On Tue, Apr 8, 2008 at 9:21 PM, Mitch Bradley <[EMAIL PROTECTED]> wrote:
> It would have been nice if the criticisms had been delivered directly to
> OLPC, instead of broadcast in a public forum, where enemies of OLPC can cite
> and expand on them as evidence that "OLPC is hopelessly screwed up, so you
> should buy our competing product instead". If you get my drift.

In the free and open source community, people generally post their technical opinions and criticisms in the open. If they're wrong, then we can say it, while moving forward, or if they're right, then we can fix it, and move forward.

>
> I believe that the prevailing ethos in the white hat security community is
> to report newly-discovered vulnerabilities first to the company in question,
> thus giving them some amount of time to develop a patch before the public
> announcement.

If the paper provided an exploit or specifically identified a vulnerability then they should have sent it to you guys first. Did they identify a specific vulnerability or exploit?

>
> The authors appear to be academics, however, so they would get little
> credit for having contributed to OLPC security by privately contacting OLPC
> and giving us an opportunity to address their concerns. Publishing is the
> coin of the realm in academic circles.

Agreed. Are any of their concerns valid?

Thanks,
jaya
_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
