Re: [pgsql-advocacy] MySQL worm attacks Windows servers - Mailing list pgsql-general

On 1/30/2005 10:18 AM, Peter Eisentraut wrote:

> Dawid Kuroczko wrote:
>> I think it is in good taste that when you find a
>> bug/vulnerability/etc first you contact the author (in this case:
>> core), leave them some time to fix the problem and then go on
>> announcing it to the
>> world.
>
> In this case, core is not the author of the object in question.  And of
> course, to report a "bug/vulnerability/etc" you would write to
> pgsql-bugs, not core.
>

No, Peter.

Posting a vulnerability on a public mailing list "before" there is a
known fix for it means that you put everyone who has that vulnerability
into jeopardy. Vulnerabilities are a special breed of bugs and need to
be exterminated a little different.


Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #