Donald Stufft <donald <at> stufft.io> writes:
>
> I have zero qualms about releasing a full disclosure along with working exploits
> into the wild for a security vulnerability that people block me on. If I'm unable
> to rectify the problem I will make sure that everyone *knows* about the problem.

I don't know what I'm supposed to infer from such a statement, except that I probably don't want to trust you. You might think that "publish[ing] working exploits into the wild" is some kind of heroic, altruistic act, but I think few people would agree.

> Even a random occurrence will break for some percentage of people using
> the software some percentage of the time. If it didn't then it's unlikely anyone
> would notice it. Security vulnerabilities typically won't break until someone actively
> tries to break them.

You're mistaken. Bugs can sometimes be fixed preemptively, even before they're noticed in the wild (by means of perusing the code and noticing an issue, for example). Which also includes, of course, security issues (which often get fixed before they ever get exploited).

Regards

Antoine.

_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig