|From:||Brian Curtin <brian.curtin-AT-gmail.com>|
|To:||Gustavo Narea <me-AT-gustavonarea.net>|
|Subject:||Re: Releases for recent security vulnerability|
|Date:||Fri, 15 Apr 2011 07:30:54 -0500|
On Apr 15, 2011 3:46 AM, "Gustavo Narea" <firstname.lastname@example.org> wrote: > > Hi all, > > How come a description of how to exploit a security vulnerability > comes before a release for said vulnerability? I'm talking about this: > http://blog.python.org/2011/04/urllib-security-vulnerabil... > > My understanding is that the whole point of asking people not to > report security vulnerability publicly was to allow time to release a > fix. To me, the fix *was* released. Sure, no fancy installers were generated yet, but people who are susceptible to this issue 1) now know about it, and 2) have a way to patch their system *if needed*. If that's wrong, I apologize for writing the post too early. On top of that, it seems I didn't get all of the details right either, so apologies on that as well.
Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds