On Wed, Oct 8, 2008 at 6:28 AM, Anders Arnholm <[EMAIL PROTECTED]> wrote: > > In this case I have to object, the details on how to write the exploit was > in the release note.
Yes. That was not intentional. A well-intended dev edited the release notes, which should only be maintained by a member of the release team. That shouldn't repeat. > The problem in this > case then comes with GPL, we who got the patch had to wait with releasing > the bug fix for not violating the GPL. And that still needs to be discussed. If early limited source disclosure becomes policy, we need to either live with having everyone wait, or we need to find a way to allow people to release the binary early while still complying with the licenses we offer. > But over all the fix as clear as possible as early as possible is a good > thing there is nothing good in security by obsurity. As repeated, that philosophy is about fortifying technology instead of leaving holes merely because they're difficult to see. It's never been a prescription for a project telling the world every way that it can be hurt before taking any steps to protect itself. _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev Please read the policies before posting to keep unmoderated posting privileges
