From: | Jan Wieck <JanWieck(at)Yahoo(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Dawid Kuroczko <qnex42(at)gmail(dot)com>, Neil Conway <neilc(at)samurai(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-advocacy(at)postgresql(dot)org, Chris Travers <chris(at)travelamericas(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: [GENERAL] MySQL worm attacks Windows servers |
Date: | 2005-02-06 15:33:30 |
Message-ID: | 420638CA.8030601@Yahoo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-advocacy pgsql-general pgsql-www |
On 1/30/2005 10:18 AM, Peter Eisentraut wrote:
> Dawid Kuroczko wrote:
>> I think it is in good taste that when you find a
>> bug/vulnerability/etc first you contact the author (in this case:
>> core), leave them some time to fix the problem and then go on
>> announcing it to the
>> world.
>
> In this case, core is not the author of the object in question. And of
> course, to report a "bug/vulnerability/etc" you would write to
> pgsql-bugs, not core.
>
No, Peter.
Posting a vulnerability on a public mailing list "before" there is a
known fix for it means that you put everyone who has that vulnerability
into jeopardy. Vulnerabilities are a special breed of bugs and need to
be exterminated a little different.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
From | Date | Subject | |
---|---|---|---|
Next Message | Jean-Paul Argudo | 2005-02-06 15:38:36 | Re: Solutions Linux 2005 Paris : debriefing |
Previous Message | Jean-Paul Argudo | 2005-02-06 12:32:40 | Re: LinuxTag |
From | Date | Subject | |
---|---|---|---|
Next Message | J. Greenlees | 2005-02-06 16:56:49 | Re: [GENERAL] MySQL worm attacks Windows servers |
Previous Message | Thomas Hallgren | 2005-02-06 15:08:53 | Re: Help with access check |
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2005-02-06 15:34:38 | Re: About FTP Browser |
Previous Message | Devrim GUNDUZ | 2005-02-06 14:34:25 | About FTP Browser |