On 03/12/08 10:51, Jerry Schwartz wrote:
That is somewhat dangerous, since it could lead to unwanted experimentation. We can't assume that there aren't eavesdroppers on this list. When I worked for a major vendor in the software (and hardware) field, this was debated endlessly. We always fell back on the position that we would announce a security hole when the a patch was available, not before.
That being said, if they are going to post the vulnerability on the Wiki page, and not e-mail it, I may not find out about it until someone has hacked my Wiki site.
Jason. -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist