[Zope-dev] RE: Resolved security-related collector issues forthepublic?

Paul Winkler pw_lists at slinkp.com
Thu Jan 22 15:57:26 EST 2004


On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote:
> Brian Lloyd wrote:
> >...or will decide that doing so is unreasonable and use something 
> >else instead :(  Note that I'm not necessarily criticizing that 
> >particular policy, just pointing out that _any_ policy will have 
> >some upside and some downside. The challenge will be coming to 
> >agreement on a policy with the right balance that everyone can 
> >live with.
> 
> How about something along the lines of:
> 
> - Development team only disclosure for the first x days (2 to 7 days is 
> the maximum here I would think), in order to develop a workaround/patch.
> 
> - Full disclosure after that, along with a published patch, hotfix or 
> workaround.

OK, but what if there is no patch, hotfix, or workaround ready
after 2-7 days?  Some of these bugs have taken much longer.
 
-- 

Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's PSUEDO LIGHTNING FRED!
(random hero from isometric.spaceninja.com)



More information about the Zope-Dev mailing list