On 1/30/2005 10:18 AM, Peter Eisentraut wrote:
Dawid Kuroczko wrote:I think it is in good taste that when you find a bug/vulnerability/etc first you contact the author (in this case: core), leave them some time to fix the problem and then go on announcing it to the world.
In this case, core is not the author of the object in question. And of course, to report a "bug/vulnerability/etc" you would write to pgsql-bugs, not core.
No, Peter.
Posting a vulnerability on a public mailing list "before" there is a known fix for it means that you put everyone who has that vulnerability into jeopardy. Vulnerabilities are a special breed of bugs and need to be exterminated a little different.
Jan
-- #======================================================================# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #================================================== JanWieck@xxxxxxxxx #
---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend