As a third-party user: I completely concur. NDAs for security bug access are pretty much standard, aren't they?
- d.
On 26 June 2014 15:08, Tyler Romeo tylerromeo@gmail.com wrote:
I’ll be frank. I care a lot more about the security of MediaWiki as a software product, as well as the security of its customers (both WMF and third-party) than I do about some made-up notion of “open access” to security bugs. I think it makes complete sense to have people with access to security bugs sign an agreement saying they will not release said bugs to the public until they have been fixed, released, and announced properly.