>>> Jamie Heilman wrote
> Given that ZC clearly doesn't have the resources available to do (a),
> irrespective of if it's even technically feasible, we can rule it out.
> And (b), well (b) just screws everybody. Exploits are a byproduct of
> understanding the vulnerability, they're a natural part of
> experimentation and learning. You usually can't discuss a vulnerability
> without implying the exploit. If you really want to help people who
> can't help themselves, offer education, not censorship in the guise of
Worse yet, hiding the security bugs means that other people who might
be motivated to supply fixes are unaware of the issue and cannot help.
I'd be +1 on exposing the security bugs - maybe after 2 weeks so that
critical security flaws have a chance to be fixed immediately. But it
should be an automatic thing, not something that requires manual
Anthony Baxter <[EMAIL PROTECTED]>
It's never too late to have a happy childhood.
Zope-Dev maillist - [EMAIL PROTECTED]