Dear Marsh, Personal opinions (hoping not to start a flame war) on your questions:
> A. Does anyone think there would be much gained by me requesting (or > insisting on) a CVE number? I do not see the need for CVEs for such "trivial" (easily verifiable) problems. I find them useful when problems or fixes are reported in "obscure" software (e.g. in binary-only proprietary distributions), so as to identify same-known-problem reports. > B. Does anybody actually care about local escalations any more, or is > everyone just expected to have their very own personal virtual private > cloud for a security boundary? We each must protect our own cocoons. Saving the world is impossible. Cheers, Paul Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
