On Mon, Jun 26, 2006 at 07:35:00PM +0100, Timwi wrote:
Seriously, security flaws need to be pointed out. *Especially* in open-source software.
One of the big problems I have with a lot of proprietary software is the unwillingness of its vendor to admit flaws and tell us, the users, that there's a problem of which we should be aware. I tend to view open and frank, helpful discussion of security issues to be a net win when I'm evaluating software to determine whether I want to use it, and ominous silences as a sign that if a vulnerability arises, I won't find out until it's too late.