So who decides who is "good" or "bad" to receive or not to receive security bulletins? I think it's the wrong way to follow an Apple's approach to keep security issues secret until they possibly are fixed. I like the approach to openly disclose security gaps, make users aware of imminent risk, and try to fix issues ASAP with help of the users. That's how Microsoft handles it.
Surely there are defenders of both camps. But SL is now opensource. I think the only way to properly handle security issues detected is to make everybody aware of them. Not to select a few deemed "white hats" to be informed but all people who work with the code. Be ensured the "black hats" do the same. One additional point @ Henri. You are registered with your RL details @ LL. As such I don't see a point with anonymity here. There is none. Merry Xmas! Boy http://my.opera.com/boylane _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev Please read the policies before posting to keep unmoderated posting privileges
