Date: Thu, 18 Jan 2018 19:23:45 -0500 From: Nicholas Luedtke <nicholas.luedtke@....com> To: <oss-security@...ts.openwall.com> Subject: Re: How to deal with reporters who don't want their bugs fixed? On 1/18/2018 5:01 PM, Solar Designer wrote: > I think "semi-public" is the worst state an issue can be in, making the > above suggestion the worst of those mentioned in this thread so far. In my extremely humble opinion, a patched "semi-public" issue is better than a unpatched private issue that is known to unknown number of people with unknown intentions. -Nicholas Apologies for sending this off list Alexander. Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ