Jamie Heilman wrote Given that ZC clearly doesn't have the resources available to do (a), irrespective of if its even technically feasible, we can rule it out. And (b), well (b) just screws everybody. Exploits are a byproduct of understanding the vulnerability, they're a natural part of experimentation and learning. You usually can't discuss a vulnerabilty without implying the exploit. If you really want to help people who can't help themselves, offer education, not censorship in the guise of protection.
Worse yet, hiding the security bugs mean that other people who might be motivated to supply fixes are unaware of the issue and cannot help. I'd be +1 on exposing the security bugs - maybe after 2 weeks so that critical security flaws have a chance to be fixed immediately. But it should be an automatic thing, not something that requires manual intervention. Anthony -- Anthony Baxter <anthony@interlink.com.au> It's never too late to have a happy childhood.