Fwd: When will this security bug been fixed?
David Woolley
forums at david-woolley.me.uk
Mon Jan 25 17:38:02 EST 2010
Brian Lu wrote:
> Any know about this?
>
Please see http://developer.pidgin.im/wiki/SecurityVulnerabilityProcess
This security issues seems to have been made public in violation of the
reporting guidelines. That often happens for self promotion reasons.
2.6.4 is too recent for anyone to justify release on the basis that the
developers were being unreasonably slow.
As you can see from that link you will not get any useful response until
patches have been issued to packagers, and they have been given a chance
to create fixed ones.
Please note that I am not on the security mailing list, so I have no
access to privileged information on this subject.
Note to the authors of the guidelines; "We take XXXX seriously" are
discredited words in stock replies. You really need to back them up by
real statistics on time to fix. Every marketing department uses this
sort of form of words, often when the reality of the organisation is
very different, although I believe that Pidgin developers really will
treat problems seriously.
--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
More information about the Support
mailing list