Chris Shiflett wrote:
That's a weak defense. If you're a proponent of full disclosure, say so, but don't use ignorance as your defense in the same email where you claim to not be a "dumb guy."
I am a dumb guy, and I would have done the exact same thing Randal did. I just don't think about security in terms of secrecy. It's not a full disclosure thing at all, at least for me.
Despite the (perceived) violation of protocol, Randal's message did light a fire under the asses of a lot of mod_perl developers, and made known a potential security issue. I'd say that's mission accomplished.
Rob
