On Wed, Sep 16, 2009 at 9:26 AM, Anthony <[email protected]> wrote: > On Tue, Sep 15, 2009 at 7:17 PM, Andrew Garrett <[email protected]>wrote: >> I think the appropriate expression here is "put up or shut up". >> >> If you are aware of unpatched security vulnerabilities in MediaWiki, >> report them to [email protected], and to this list if you don't >> receive a response, and they will be immediately patched. >> > > If you want to offer some sort of bounty program, then maybe. Otherwise, no > thanks.
If you don't believe in responsible disclosure of attacks without being paid, perhaps you will at least publicly disclose the problem. If you do neither, you're well on your way to being a bottom-feeder. -- John Vandenberg _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
