On Mon, 10 Oct 2011 07:45:34 -0400 Rob Weir <robw...@apache.org> wrote: > Security reports come from security > reporters. Can you tell us whether "Red Hat, Inc. security > researcher Huzaifa Sidhpurwala" is a TDF member and whether he > was reporting this issue under instructions from TDF?
Does it matter? A careful security report will provide information on how the problem arises; it would be foolish for anyone to immediately swing into action with alarm bells ringing to try to fix a report without first verifying that the poblem actually exists. Surely any security report undergoes some form of triage before being advanced to fix. -- Rory O'Farrell <ofarr...@iol.ie>