[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-promo
Subject:    Re: [kde-promo] Re:  Re:  Re:  Re: discussion? where? well, not here...
From:       Dirk Mueller <mueller () kde ! org>
Date:       2002-11-27 0:30:04
[Download RAW message or body]

On Die, 26 Nov 2002, Neil Stevens wrote:

> .. other than "turn off this thing until it's fixed?"
> 
> It's not that hard.

its not that hard when you know _what_ "this thing" is. In example it wasn't 
clear at all that telnet:// protocol in KDE 2.x is vulnerable until the code 
was actually reviewed for those problems. 

Yes, the announcement came as soon as we knew about all the problems. If you 
care to inform yourself, the time between the last security fix being 
checked into KDE CVS repository and the announcement was somewhat around a 
few hours, a day at most. 

When you compare that with companies where the exploits are found in the 
wild for several months before they care to inform their users I think this 
is pretty good. 

> And in the interests of honesty, readers of dot.kde.org deserve to be told 
> when the site will refuse to warn them of problems.

And in the interest of the site (honor of journalism if you want to call it 
that way) it shouldn't post crap articles that are written by people who 
don't knew what the actual problem was at the time the article was 
published. 


-- 
Dirk (received 33 mails today)
 
_______________________________________________
This message is from the kde-promo mailing list.

Visit http://mail.kde.org/mailman/listinfo/kde-promo to unsubscribe, set digest on or \
temporarily stop your subscription.


[prev in list] [next in list] [prev in thread] [next in thread]