If a developer knows a bug has a definite security impact, I want to know that. That's all. Nobody else can know what's in his or her head, or read what's on the bug reports that have been submitted.
Be honest about known security implications, instead of hiding them. It's not a difficult request. It probably takes more work to come up with euphemisms to hide the security issue, than it does to just write what they're actually doing.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds