Fwd: When will this security bug been fixed?

David Woolley forums at david-woolley.me.uk
Mon Jan 25 17:38:02 EST 2010


Brian Lu wrote:
> Any know about this?
> 

Please see http://developer.pidgin.im/wiki/SecurityVulnerabilityProcess

This security issues seems to have been made public in violation of the 
reporting guidelines.  That often happens for self promotion reasons. 
2.6.4 is too recent for anyone to justify release on the basis that the 
developers were being unreasonably slow.

As you can see from that link you will not get any useful response until 
patches have been issued to packagers, and they have been given a chance 
to create fixed ones.

Please note that I am not on the security mailing list, so I have no 
access to privileged information on this subject.

Note to the authors of the guidelines;  "We take XXXX seriously" are 
discredited words in stock replies.  You really need to back them up by 
real statistics on time to fix.  Every marketing department uses this 
sort of form of words, often when the reality of the organisation is 
very different, although I believe that Pidgin developers really will 
treat problems seriously.

-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.



More information about the Support mailing list