On Mon, Jun 26, 2006 at 01:09:42PM -0600, Chad Perrin wrote:
> On Mon, Jun 26, 2006 at 07:35:00PM +0100, Timwi wrote:
> > Seriously, security flaws need to be pointed out. *Especially* in
> > open-source software.
>
> One of the big problems I have with a lot of proprietary software is the
> unwillingness of its vendor to admit flaws and tell us, the users, that
> there's a problem of which we should be aware. I tend to view open and
> frank, helpful discussion of security issues to be a net win when I'm
> evaluating software to determine whether I want to use it, and ominous
> silences as a sign that if a vulnerability arises, I won't find out
> until it's too late.

And, FWIW, while I think there's a whole lot of overreaction on this
thread, on both sides, I come down a bit right of center as well: I
believe that it would be useful to have it documented in the archives
that there *was* such a problem, at timestamp X, such that if someone
is using SVN and happened to pull that particular rev, they have the
opportunity to know.
Remember: while running SVN revs in production is not the recommended
approach, there are people who do it.
Cheers,
-- jra
--
Jay R. Ashworth jra(a)baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA
http://baylink.pitas.com +1 727 647 1274
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet and in e-mail?