Randal L. Schwartz wrote:
> I get around. I read various mailing lists. I'm not a dumb guy about
> Perl stuff. And by the way, I've already been yelled at. :)
> 
> But this thing about "[EMAIL PROTECTED]" is something that I
> wouldn't have thought to look for.

That's a weak defense. If you're a proponent of full disclosure, say so,
but don't use ignorance as your defense in the same email where you
claim to not be a "dumb guy."

You were probably yelled at for these reasons:

1. You thought you had discovered a serious security vulnerability.

2. You first mentioned it on a public mailing list.

Even if I knew nothing about responsibly reporting security
vulnerabilities, my email to this list would have been something like this:

"I believe I've discovered a security vulnerability in mod_perl. To whom
should I address my concerns?"

In the future, I highly suggest trying security@, support@, and info@
before disclosing a vulnerability, or ask this list for guidance.

(It might be worth making sure at least one of these works with the
perl.apache.org domain, e.g., [EMAIL PROTECTED])

Chris

-- 
Chris Shiflett
http://shiflett.org/
