Adeodato Simó <[EMAIL PROTECTED]> writes: > * Thomas Bushnell BSG [Tue, 02 Aug 2005 16:07:08 -0700]: > >> It would be very nice if Mozilla would publish to distributions like >> ours a description of the security problem, and then a separate patch >> for that specific problem. > > "Publish to distributions" is effectively the same as making it > completely public, so they won't. See [1]. > > [1] http://lists.debian.org/debian-security/2005/08/msg00032.html
It was asked what we would like them to do. Everyone else seems to manage just fine with an embargo method. It works quite well for a jillion other upstreams.
