From: | "J(dot) Greenlees" <jaqui(at)telus(dot)net> |
---|---|
To: | pgsql-advocacy(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org |
Subject: | Re: [GENERAL] MySQL worm attacks Windows servers |
Date: | 2005-02-06 16:56:49 |
Message-ID: | 42064C51.1020509@telus.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-advocacy pgsql-general pgsql-www |
Jan Wieck wrote:
> On 1/30/2005 10:18 AM, Peter Eisentraut wrote:
>
>> Dawid Kuroczko wrote:
>>
>>> I think it is in good taste that when you find a
>>> bug/vulnerability/etc first you contact the author (in this case:
>>> core), leave them some time to fix the problem and then go on
>>> announcing it to the
>>> world.
>>
>>
>> In this case, core is not the author of the object in question. And
>> of course, to report a "bug/vulnerability/etc" you would write to
>> pgsql-bugs, not core.
>>
>
> No, Peter.
>
> Posting a vulnerability on a public mailing list "before" there is a
> known fix for it means that you put everyone who has that vulnerability
> into jeopardy. Vulnerabilities are a special breed of bugs and need to
> be exterminated a little different.
>
>
> Jan
>
ain't that the truth.
if a vulnerability is found, try to find a fix, or work around, post it
privately to the developer, give them an opportunity to get it fixed
before going public.
when dealing with open souurce, this system works great.
when dealing with proprietary / closed source [ specifically microsoft ]
expect that it's the public announcement that's going to start them
doing something about it.
I personally would only give ms a week at most to fix the problem before
going public.
since open source if usually fixed in that time frame.
Jaqui
From | Date | Subject | |
---|---|---|---|
Next Message | Greg Stark | 2005-02-06 21:31:49 | Re: [pgsql-advocacy] MySQL worm attacks Windows servers |
Previous Message | Jean-Paul Argudo | 2005-02-06 15:38:36 | Re: Solutions Linux 2005 Paris : debriefing |
From | Date | Subject | |
---|---|---|---|
Next Message | Christopher Browne | 2005-02-06 18:13:24 | Re: Questions about functionality |
Previous Message | Jan Wieck | 2005-02-06 15:33:30 | Re: [GENERAL] MySQL worm attacks Windows servers |
From | Date | Subject | |
---|---|---|---|
Next Message | Marc G. Fournier | 2005-02-06 19:28:39 | svr2 on borg live |
Previous Message | Dave Page | 2005-02-06 15:34:38 | Re: About FTP Browser |