On Jul 30, 2013, at 3:01 AM, Antoine Pitrou <solip...@pitrou.net> wrote:
> I don't know what I'm supposed to infer from such a statement, except that I
> probably don't want to trust you. You might think that "publish[ing] working
> exploits into the wild" is some kind of heroic, altruistic act, but I think
> few people would agree.

Full Disclosure is a common practice amongst security professionals when the upstream project is unwilling to rectify the problem. So yes, I do think the practice of Full Disclosure is an altruistic act and oftentimes the only thing that gets people who don't care to pull their head out of the sand and actually care.

If you don't believe my words on it, here's an essay by Bruce Schneier, one of the foremost experts on security and a well-respected and well-trusted member of the security community.

https://www.schneier.com/essay-146.html

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig