On Tue, Aug 6, 2013 at 1:07 PM, Jacob Appelbaum <[email protected]> wrote:
> Somewhere there is a line and clearly, we failed to meet > the high standards of a few folks on this list. I'm mostly curious if > that high standard will be expressed in a cohesive manner where we might > learn from it. > Well, in the end, it's all done for the users. Keeping software up-to-date is easier than following advisories, even more so if there is an auto-update functionality. So I don't understand the big deal about not reissuing advisories for upstream projects, which takes a lot of time for dubious effect. Although the point becomes moot once you are talking about libraries that are not directly used, unlike major Firefox-level applications. E.g.: https://blog.torproject.org/blog/new-openssl-vulnerability-tor-not-affected > http://pastebin.com/qWHDWCre > > It is awful for Mike and I can't even begin to find it funny in the > least. Though I'll take your point that it is rich with awful irony. > I don't think anyone took those guys seriously back then (or anyone whose opinion matters, at least). -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
-- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
