On Mar 6, 2013, at 1:40 PM, Tomasz W. Kozłowski <[email protected]> wrote:
> I can't see why a Bugzilla
> administrator would be required to sign an NDA -- is there anything
> secret when it comes to bugs in a GPL-licenced software?
Well. These security bugs are zero-day exploits and often contain
patches or other juicy tidbits that will allow hostile individuals to attack
sites running vulnerable versions of MediaWiki - including our own cluster -
until the hole is closed.
So yes. There's a need for an NDA there.
---
Brandon Harris, Senior Designer, Wikimedia Foundation
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
_______________________________________________
Wikimedia-l mailing list
[email protected]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
