Ben Bucksch wrote: > Christopher Blizzard wrote: > >> What this policy does is set up a framework for end user distributors >> and other interested parties to share information about security >> vulnerabilities > > > You seem to assume that reports come from "inside", from parties (esp. > companies) developing Mozilla. While that might be true for many bugs, > it is by no means true for all of them.
No, I assume that reports will come from multiple sources and those sources might have different ideas about when they want that bug report information released. > > I hope that a considerable amount of bug reports come from people not at > all involved with Mozilla development or from individual developers. We > need to set a policy for them, because they most likely have no opinion. I think that we need to have a policy that lets everyone participate, no matter who is the reporter. --Chris -- ------------ Christopher Blizzard http://people.redhat.com/blizzard/ Mozilla.org - we're on a mission from God. Still. ------------
