I agree with the fact that on those mailing lists there is a full disclosure of vulnerabilities; but let us not forget that there is usually a period of time left to the vendors to fix them. So, why not allow a period of time after which the logs will be made public?

The question is: can the owner of the machine be contacted? If yes, then allow him 2 weeks. If not, let's say 3 weeks. I'm saying '3 weeks' because sometimes people don't want to leave contact information, or their contact e-mail is too spammed - so it's not necessarily their fault if they cannot be contacted. But after 3 weeks I assume that every script kiddie in the world will have the machine's address, so publishing it won't affect the bandwidth too much.

Opinions?

--
lorenzo lorenzoat_private
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 18:34:53 PDT