On Wed, Sep 16, 2009 at 9:26 AM, Anthony <wikimail(a)inbox.org> wrote:
On Tue, Sep 15, 2009 at 7:17 PM, Andrew Garrett
<agarrett(a)wikimedia.org>wrote;wrote:
I think the appropriate expression here is
"put up or shut up".
If you are aware of unpatched security vulnerabilities in MediaWiki,
report them to security(a)wikimedia.org, and to this list if you don't
receive a response, and they will be immediately patched.
If you want to offer some sort of bounty program, then maybe. Otherwise, no
thanks.
If you don't believe in responsible disclosure of attacks without
being paid, perhaps you will at least publicly disclose the problem.
If you do neither, you're well on your way to being a bottom-feeder.
--
John Vandenberg