[Full-Disclosure] Re: The Cult of a Cardinal Number
Mark Lowes
hamster at proftpd.org
Wed Mar 3 09:36:47 GMT 2004
On Tue, 2004-03-02 at 05:37, Phantasmal Phantasmagoria wrote:
> - ---- Final thoughts ----------------
> It is difficult, if not impossible, to please every group of the security
> community when releasing information pertaining to a vulnerability. Some
> will say that I should of contacted the vendor, some will say I should
> of kept the bug to myself, some will say I should of released exploit
> code. I can only offer one account; The Cult of a Cardinal Number has
> finished. It was found, exploited, and patched. And it has finished.
A cc of this email to security at proftpd.org would have been appreciated
if you felt the need not to give any prior warning to the team so
problematic versions could be removed from the ftp archives and/or
patched.
Mark Lowes
--
Mark Lowes <hamster at proftpd.org>
Full-Disclosure is hosted and sponsored by Secunia.