On 3/15/07, Karl O. Pinc <[EMAIL PROTECTED]> wrote: > > On 03/15/2007 10:48:49 PM, Ray Percival wrote: > > On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote: > > >> I rely on having a clear channel for security related > >> problems. > > > The only communication problem here is that you don't look > > at the information that the project puts out there for you. > > The project says it will announce security errata > on the security-announce list. I _am_ assuming this > will be done in a timely fashion... This does not > seem like an unreasonable assumption.
I bet you'd also like somebody other than you to patch your systems in a timely fashion. If security-announce is not a place for timely > security announcments then change the description, > or get rid of it. Which brings the discussion back > to where it started, and where it belongs. Security isn't about receiving notifications to your Inbox in a timely fashion. It is about being proactive yourself. You should be the one taking measures to secure your systems, and you should be the one ACTIVELY LOOKING for problems. Watching mailing lists isn't enough, and this was announced very early on the ERRATA page. Do something for yourself. -- Kian Mohageri
