On Mon, Oct 05, 2015 at 10:38:34AM +0200, Joerg Jung wrote: > > > On 05 Oct 2015, at 00:38, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > > > > At some point we might want a CVE for this. > > > > Please, next time you publish such a security issue -- give developers a > chance > to provide patches, *before* going public. Think of the production servers > which > run un-patched now. You may want to read about responsible disclosures [1] > > [1] https://en.wikipedia.org/wiki/Responsible_disclosure >
We have told him on IRC that this was a very unkind move. He has a different opinion and thinks he was helpful. What's done is done, please don't let this thread grow, we now know that we'll have to face this from within our community. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org