Quoting Alan Brown ([EMAIL PROTECTED]):
> On Wed, 12 Mar 2003, Chuck Yerkes wrote:
>
> > I'm not sure if slackware can count as a vendor.
>
> The distribution is sold and there are outfits offering commercial support.
>
> > The issue is this was a highly sensitive problem and the person
> > notified had to be 1) trusted and 2) under NDA. Deeply under
> > NDA until it was revealed.

And just to be clear, I say this based on past behaviors of software like sendmail, apache and BIND. I don't speak for Sendmail. I do know, from the advisories, that the problem was revealed to "authorities" (sendmail? CERT? DoHS? I dunno) before Monday and time was spent to get and test patches. This is usual per CERT and well documented. Also per CERT, knowledge of holes is kept close until fixes are available. I, like many, have issues when CERT stays quiet for many months or closer to a year when vendors are slow to respond (insert 3 letter vendor here).
