I think the most important part of the message is that they are not doing thier own investigating. If you don't have the time or tools to do more, and they refuse to, let someone who wants the challenge do it. Let it out, but warn the company that you are going to do so, and give them a bit of time in case they fell like doing something about it then. Thus spake Josha Bronson: >This is the problem as it sits. If I reach out to "the community" for >additional assistance with researching this bug I might as well just send >out an advisory. If I release an advisory the vendor will most likely >not have a patch ready, they will feel violated and the user base will >[...] So, what would you do? David Carroll System Administrator, HGO Technology www.hgo.net
This archive was generated by hypermail 2b30 : Thu Jan 17 2002 - 11:01:17 PST