From: jsage at finchhaven.com (John Sage)
Subject: Re: I have fixes for the Geeklog vulnerabilities

hmm..

On Mon, Oct 06, 2003 at 10:34:16AM +0530, morning_wood wrote:
> > 
> > Overall, this is a textbook example of how NOT to handle security issues.
> > By not contacting the developers, posting a report full of inaccuracies,
> > and, in the end, mostly non-working examples, Lorenzo Hernandez Garcia-
> > Hierro has caused uncertainty and confusion amongst the Geeklog users and
> > basically wasted everyone's time, including that of the developers. 
> > 
> > Dirk Haun,
> > Maintainer of the Geeklog 1.3.x branch,
> > Geeklog Development Team
> 
>  Do your own work then... or would you have preferred him
> and whoever else he could tell to abuse Geeklog privately until
> you perhaps stumble across the issues? Disclosure helps everyone,
> Any security disclosure is good,

/* snip */

"Any security disclosure is good..."

A wonderfully naive attitude.

Ever hear of lying? Disinformation? Libel? FUD?

Or simply of someone being wrong?


"Disclosure" without any technical evidence is gossip at best.

Unfortunately, there are some who will believe almost anything they
read.


- John
-- 
"You are in a twisty maze of weblogs, all alike."
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.

