Can you tell the FSF web programmers to do more checking for HTML/SQL injection vulnerabilities?
I know nothing about that issue, but I will forward your message. Teaching the public about this issue is a good thing too. However, the way you did it was predictably bad. By publishing it, and telling only me--not anyone who could fix it--you made sure a day would go by when others knew about the problem but our sysadmins did not. It would have been better practice to tell our sysadmins privately first, and give them a couple of days to do something before educating the public. I hope that you have not arranged in effect to cause our web site to be attacked.