i see you're getting sidetracked into various things which is a good sign that i raised valid
points you don't contest.
> You've several times provided links which actually don't say what you
> claim they do.
this is a blanket statement without any proof/explanation. elaborate please.
> This time you suggested that the Linux security list has
> a policy of full disclosure, when in fact the document you mentioned
> uses weasel words to declare that disclosure should happen "as soon as
> possible" which means nothing at all.
said document talks about 'full disclosure', not mere 'disclosure' (nice attempt but you got
caught). second, if you cared to read the comment at the bottom of this thread, you'd realize
that said document doesn't at all raise the issue of the amount of disclosure, only its
potential timing. so we're in agreement that the disclosure policy is 'full disclosure' (and
which is what wasn't observed in several cases i cited). i've said nothing else and you
haven't contradicted it either. and frankly, if you're not an active party in all this
non-or-half-assed-disclosure process, you have zero idea about what you're talking.