Alvin Oga wrote: > > On Sun, 28 Aug 2005, Florian Weimer wrote: > > >>AFAIK, you can only blame the security team for lack of communication. > > > nah ... they're doing fine .. to the extent is needed ?? > > if it's important... they will post dsa ??
There certainly have been exceptions to that rule. The maintainer of shorewall has been trying for weeks to get a DSA issued about a vulnerability, and it seems we have to convince Joey that it *is* a vulnerability before he'll issue it. (I don't understand this - how can Joey even *try* to understand every security bug?) Repeated attempts to communicate this have been met with silence. -- Paul <http://paulgear.webhop.net> -- Did you know? Email addresses can be forged easily. This message is signed with GNU Privacy Guard <http://www.gnupg.org> and Enigmail <http://enigmail.mozdev.org> so you can be sure it comes from me.
signature.asc
Description: OpenPGP digital signature
