* Jonathan S. Katz (jonathan.katz@excoventures.com) wrote:
> +1 - with a more outside perspective on the overall issue, I do have to say that I'm okay to any entity operating
"criticalinfrastructure" or the like having access to a critical security patch before the source is made available. I
thinkto reiterate what JD said, we should just communicate that better in the future.
Having some kind of documentation / policy regarding who can get access,
or what they have to do to get access, would certainly help address
these concerns.
For my 2c, I really don't feel this went very well and I absolutely
think that it's a black-eye that the common impression is that we gave
the fix to Heroku ahead of the public release.
Not sure what the best place to discuss this is, but, basically, I think
we can do better.
Thanks,
Stephen
