[Full-Disclosure] (offtopic) datestamp formats and timezones
justin-fulldisclosure at soze.net
Tue Jun 10 20:26:11 BST 2003
Steven M. Christey (2003-06-10 17:00Z) wrote:
> >> Vendor has been contacted on 01/06/2003 and fix is available from cvs at
> >> http://www.mnogosearch.org.
> > 5 months... This is full disclosure?
> Maybe that date is really June 1, 2003, since many countries list the
> month second, not first.
> By the way, these DD/MM/YYYY or MM/DD/YYYY formats often make it
> difficult to quantify how much notice a vendor really had before the
> issue was published. This has affected the accuracy of my past
> aborted attempts to figure out how long vendors *really* take to fix
> issues, and it may hamper any future attempts.
> Using formats like YYYY/MM/DD or "Month DD, YYYY" generally seems to
> address the confusion.
The former is open to confusion. There is an ISO standard. Use it or
write datestamps in long date/time formats (like the second example)
that are not open to incorrect interpretation.
BNF of ISO 8601 is here:
And then there's the "my timezone is famous, I don't even have to
specify it" syndrome. No, we really don't know what timezone you're in
(or think you're in) unless the message is about an event at a
particular location. And does someone in South Africa really want to
look up the semantics of the U.S. MDT timezone? Use <+|->xx[:xx] and
avoid the confusion.
Freedom's untidy, and free people are free to make mistakes and commit
crimes and do bad things. They're also free to live their lives and do
wonderful things. --Rumsfeld, 2003-04-11
Full-Disclosure is hosted and sponsored by Secunia.