Before this thread erupts into a flame war, it might be worth re-reading the BugTraq charter.

<http://www.securityfocus.com/popups/forums/bugtraq/intro.shtml>
<http://tinyurl.com/32zlc>

A quick excerpt:

"BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them."

From: Alun Jones [mailto:alun@texis.com]

<snip>

> I really don't know why _you_ signed up for Bugtraq. Me, I
> signed up because someone posted an exploit for my software
> here some time ago, and didn't bother to tell me about it
> first. I'd like to think that isn't Bugtraq's purpose.
>
> I'd like to think that Bugtraq positions itself as something
> more than a semi-sneaky, behind-the-back-of-the-vendors rant
> group, or an assembly point for root-kit starters.
> Moderators, please stop accepting posts where the poster has
> stated specifically that they have not yet notified the
> vendor, or where the only new thing that is contributed is a
> more insidious version of an existing exploit. And posters,
> please consider carefully before you post whether what you
> post is going to contribute to an increase in security or a
> decrease in security. If you cannot claim that your post
> will help to improve security, then do us a favour and take
> it somewhere else.

<snip>