Paul Winkler wrote:
> On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote:
> > How about something along the lines of:
> >
> > - Development team only disclosure for the first x days (2 to 7 days is the maximum here I would think), in order to develop a workaround/patch.
> >
> > - Full disclosure after that, along with a published patch, hotfix or workaround.
>
> OK, but what if there is no patch, hotfix, or workaround ready after 2-7 days? Some of these bugs have taken much longer.

I think we need to be looking at _why_ the bugs have taken much longer. Is it strictly lack of resources? Security fixes, generally, shouldn't come in batches of 10 (or whatever) because, even if they're related, it makes testing the critical-security-patch-that-needs-to-be-applied-right-now extremely difficult for almost everyone.



--Richard


_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )