On Tue, Apr 08, 2008 at 09:54:51PM -0700, Jaya Kumar wrote:
> On Tue, Apr 8, 2008 at 9:21 PM, Mitch Bradley <[EMAIL PROTECTED]> wrote:
> > It would have been nice if the criticisms had been delivered directly to
> > OLPC, instead of broadcast in a public forum, where enemies of OLPC can cite
> > and expand on them as evidence that "OLPC is hopelessly screwed up, so you
> > should buy our competing product instead". If you get my drift.
>
> In the free and open source community, people generally post their
> technical opinions and criticisms in the open. If they're wrong, then
> we can say it, while moving forward, or if they're right, then we can
> fix it, and move forward.

Of course, but these authors are also playing politics.

> > I believe that the prevailing ethos in the white hat security community is
> > to report newly-discovered vulnerabilities first to the company in question,
> > thus giving them some amount of time to develop a patch before the public
> > announcement.
>
> If the paper provided an exploit or specifically identified a
> vulnerability then they should have sent it to you guys first. Did
> they identify a specific vulnerability or exploit?

Sure, they identify lots of them and imagine a few more implausible ones for good measure.

> > The authors appear to be academics, however, so they would get little
> > credit for having contributed to OLPC security by privately contacting OLPC
> > and giving us an opportunity to address their concerns. Publishing is the
> > coin of the realm in academic circles.
>
> Agreed. Are any of their concerns valid?

Valid, yes, but their tone is insulting.