Vulnerability Development
mailing list archives
Crediting/Communication (Was: Re: [VULN-DEV] /usr/bin/Mail buffer 0verfl0w)
From: Syzop <syz () DDS NL>
Date: Sat, 3 Mar 2001 19:00:44 +0100
Blue Boar wrote:
Seems that perhaps SosPiro should have been mentioned. I realize that
vuln-dev doesn't exactly give vendors advanced notice due to the
way it works, but still...
I agree,
I've also mailed Debian since I don't know if they follow this list (I assume,
but I'm not sure), also wrote SosPiro should be credited.
I hope they would give proper credit this time, since (well it was the only
bug report I ever wrote, but still..) when I mailed Debian about a security bug
I didn't get credit at all, also there was no communication about when they would
release new packages... I was waiting for a security advisory before I would
release the exploit, but this never showed up.
Then after a few days I saw on their webpage that there were new packages available...
Shouldn't vendors like Debian normally do such things (like in the RFP Policy)
or should I always explicitly ask this (maybe a good idea anyway)?
Syzop.
PS: I don't know if Debian has improved their bug reporting/advisories,
so forgive me if the things I said here are too old (it was ~half a year ago).
It's more about general bug reporting to well known vendors, not only Debian.