Am Sonntag, den 02.04.2006, 00:57 +0530 schrieb Rahul Sundaram: > On Sat, 2006-04-01 at 13:06 -0600, David Eisenstein wrote: > > Hello, > > > > The other week, I sent a notice to fedora-legacy-list and fedora- > > security-list regarding the Macromedia Flash critical vulnerability > > (CVE-2006-0024, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024) > > thinking that, even though it is proprietary and therefore Fedora Core, > > Legacy, & Extras do not distribute it nor provide any support for it, that > > I could tell my friends on both lists about it, since this bug has the > > alleged possibility to run abitrary code remotely and so is critical. > > > > Here's the post: > > <http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00107.html> > > > > Some reservations were expressed to me privately about using our mailing > > list(s) to broadcast such information, after I already sent the thing out. > > Yet I sent it out, because I felt it would be important for folks who > > don't get Red Hat Enterprise Linux's security errata to be aware of the > > issue so they can protect their computers. > > You are certainly allowed as a individual to post such warnings to the > list. Just make it explicit that you are posting not on behalf of the > project when it is controversial. Warren Togami for example made a > announcement on the arrangement he had with Macromedia for a flash > repository. That's would be my opinion, too. Cu thl -- Thorsten Leemhuis <fedora@xxxxxxxxxxxxx>
