Re: [GENERAL] MySQL worm attacks Windows servers

Поиск
Список
Период
Сортировка
От J. Greenlees
Тема Re: [GENERAL] MySQL worm attacks Windows servers
Дата
Msg-id 42064C51.1020509@telus.net
обсуждение исходный текст
Ответ на MySQL worm attacks Windows servers  (Christopher Kings-Lynne <chriskl@familyhealth.com.au>)
Список pgsql-advocacy

Jan Wieck wrote:
> On 1/30/2005 10:18 AM, Peter Eisentraut wrote:
>
>> Dawid Kuroczko wrote:
>>
>>> I think it is in good taste that when you find a
>>> bug/vulnerability/etc first you contact the author (in this case:
>>> core), leave them some time to fix the problem and then go on
>>> announcing it to the
>>> world.
>>
>>
>> In this case, core is not the author of the object in question.  And
>> of course, to report a "bug/vulnerability/etc" you would write to
>> pgsql-bugs, not core.
>>
>
> No, Peter.
>
> Posting a vulnerability on a public mailing list "before" there is a
> known fix for it means that you put everyone who has that vulnerability
> into jeopardy. Vulnerabilities are a special breed of bugs and need to
> be exterminated a little different.
>
>
> Jan
>

ain't that the truth.
if a vulnerability is found, try to find a fix, or work around, post it
privately to the developer, give them an opportunity to get it fixed
before going public.

when dealing with open souurce, this system works great.
when dealing with proprietary / closed source [ specifically microsoft ]
expect that it's the public announcement that's going to start them
doing something about it.

I personally would only give ms a week at most to fix the problem before
going public.
since open source if usually fixed in that time frame.


Jaqui


В списке pgsql-advocacy по дате отправления:

Предыдущее
От: Jean-Paul Argudo
Дата:
Сообщение: Re: Solutions Linux 2005 Paris : debriefing
Следующее
От: Robert Bernier
Дата:
Сообщение: Linux World Boston