[Zope-dev] RE: Resolved security-related collector
issues forthepublic?
Paul Winkler
pw_lists at slinkp.com
Thu Jan 22 15:57:26 EST 2004
On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote:
> Brian Lloyd wrote:
> >...or will decide that doing so is unreasonable and use something
> >else instead :( Note that I'm not necessarily criticizing that
> >particular policy, just pointing out that _any_ policy will have
> >some upside and some downside. The challenge will be coming to
> >agreement on a policy with the right balance that everyone can
> >live with.
>
> How about something along the lines of:
>
> - Development team only disclosure for the first x days (2 to 7 days is
> the maximum here I would think), in order to develop a workaround/patch.
>
> - Full disclosure after that, along with a published patch, hotfix or
> workaround.
OK, but what if there is no patch, hotfix, or workaround ready
after 2-7 days? Some of these bugs have taken much longer.
--
Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's PSUEDO LIGHTNING FRED!
(random hero from isometric.spaceninja.com)
More information about the Zope-Dev
mailing list