From Krish Ahya on Sunday, 03 February, 2002: >I understand this, but thats all the more reason to not release an exploit. >An advisory only would have better suited the situation, especially when the >vendor won't fix the problem. Maybe. If Vendor doesn't release Patch, IMHO, publicizing the hole and then, maybe a while later, releasing the exploit is the proper way to go. Be vocal about it and the reasons for posting it like that, and people will migrate to a different (hey, Free Software guarantees at least *someone* can make a patch, even if Vendor is too lazy) software, since they now know that Vendor does not care about security. --Joseph -- Joseph======================================================jap3003at_private "If you really want to toggle [Internet Explorer] into secure mode, you just need to click the little 'X" in the top right corner of the window." --User dsb3 on www.slashdot.org. [Use Mozilla! www.mozilla.org.]
This archive was generated by hypermail 2b30 : Sun Feb 03 2002 - 19:19:53 PST