On Wed, Jun 02, 2004 at 01:49:01AM +0200, Roman Medina wrote: > In other words, many vendors/developers silently fixes bugs and they don't > necesarily have to know who is packaging their software and inform them.
Such vendors/developers are doing a their users and the community a disservice. Proper public disclosure of vulnerabilities requires very little effort on their part; there is no good reason to conceal information this way. There is no need to contact every downstream vendor directly; they monitor the usual channels. -- - mdz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
