[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Security flaw in klock
From:       Alex Zepeda <garbanzo () hooked ! net>
Date:       1999-06-24 8:19:13
[Download RAW message or body]

On Wed, 23 Jun 1999, Maurizio Paolini wrote:

> Hello,
> this is my first post to this list, so please forgive me if this
> is off topic or badly formulated.

First post or not, this post is *completely* inappropiate.  Until I
stumbled over an ill-mannered RedHat employee, nothing had been sent
towards by you to anyone KDE related.  Please before you post something
that may or may not be a bug, check with the author, or some KDE related
person (when in doubt, coolo@kde.org or the KDE bug tracking system are 
safe bets).

Secondly, and in my opinion, more annoying (for lack of a better non four
letter word), in talking to this nameless RH employee over IRC, I learned
that he had come up with an exploit and sent it off to BugTraq (as of yet,
I haven't received anything of this nature from BT).  This was completely
unprofessional (should I expect more from RH? I doubt it).

In the future I'd like to request that if someone (especially someone
acting on behalf of a corporate entity) finds an exploit, that they would
kindly make a good faith effort to contact the maintainer of the program
(or in the case of KDE or Gnome) someone affiliated with the project.
Merely firing off a warning email and being too impatient to wait for a
reply (24 hours is far from unreasonable) is in extremely poor taste.

P.S. I truely hope that this employee will come up with the promised bug
fix.

- alex

I thought felt your touch
In my car, on my clutch
But I guess it's just someone who felt a lot like I remember you.
  - Translator

[prev in list] [next in list] [prev in thread] [next in thread]