Jani Taskinen wrote:
> So what's wrong in keeping them public?
> If they are false alarms, why not keep
> them public and show all other people who think they found
> serious security related bugs that they are wrong?
> If it's opensource KEEP it open. There can't be any closed
> 'groups' which get some info in this kind of projects.
> If there are, it's no longer opensource..IMO.

Even for open source projects, it is good practice to keep security issues closed until a fix has been released. As long as there is no fix, making it public won't help anyone except the black hats. IMO.

And possible security issues shouldn't be considered bogus by default.

regards
Wagner

--
"A mathematician is a machine that turns coffee into theorems."
Paul Erdös, mathematician, 1913-1996

--
PHP Development Mailing List <http://www.php.net/>