Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Disable/enable Java/Javascript
0 views
Skip to first unread message
Jerry Baker
Mar 23, 2000, 3:00:00 AM3/23/00
to
Daniel Veditz wrote:
>
> Mike Shaver wrote:
> >
> > Jerry Baker wrote:
> > > I'm not allowed to see that bug.
> >
> > That seems pretty wrong. I'll give it until the end of today for
> > someone to justify the Netscape-confidentiality to me, or I'll assume it
> > was a mistake and just open it up.
> >
> > There's no mention of proprietary information in there, or anything.
>
> For those of you watching at home further discussion on this topic in the
> bug revealed that Norris has been marking security hole bugs private to
> prevent script-kidde like folks from just scanning for "Security" bugs and
> then attacking people.
>
> Shaver raised the good point that this now means that only Netscape knows
> about potential security problems, not any other person or company who
> wants to ship a version of mozilla.
>
> Two very valid concerns in conflict. Discussion should continue in the
> n.p.m.security group.
>
> -Dan Veditz
>
> Mike Shaver wrote:
> >
> > Jerry Baker wrote:
> > > I'm not allowed to see that bug.
> >
> > That seems pretty wrong. I'll give it until the end of today for
> > someone to justify the Netscape-confidentiality to me, or I'll assume it
> > was a mistake and just open it up.
> >
> > There's no mention of proprietary information in there, or anything.
>
> For those of you watching at home further discussion on this topic in the
> bug revealed that Norris has been marking security hole bugs private to
> prevent script-kidde like folks from just scanning for "Security" bugs and
> then attacking people.
>
> Shaver raised the good point that this now means that only Netscape knows
> about potential security problems, not any other person or company who
> wants to ship a version of mozilla.
>
> Two very valid concerns in conflict. Discussion should continue in the
> n.p.m.security group.
>
> -Dan Veditz
How about people that have priviledges to confirm bugs can look at
security issue bugs? At least to get that status in Bugzilla you have to
hang out for awhile.
--
Jerry Baker
PGP Mail Preferred
Key: http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x09DE91C6
Mike Shaver
Mar 23, 2000, 3:00:00 AM3/23/00
to
Jerry Baker wrote:
> How about people that have priviledges to confirm bugs can look at
> security issue bugs? At least to get that status in Bugzilla you have to
> hang out for awhile.
> How about people that have priviledges to confirm bugs can look at
> security issue bugs? At least to get that status in Bugzilla you have to
> hang out for awhile.
This, and other related issues, are being discussed in .security.
Mike
--
263003.84 214555.55
0 new messages