[sldev] Viewer security vulnerability disclosure group

Boy Lane boy.lane at yahoo.com
Thu Dec 25 01:07:14 PST 2008


So who decides who is "good" or "bad" to receive or not to receive
security bulletins? I think it's the wrong way to follow Apple's
approach to keep security issues secret until they possibly are fixed.
I like the approach to openly disclose security gaps, make users aware
of imminent risk, and try to fix issues ASAP with help of the users.
That's how Microsoft handles it.

Surely there are defenders of both camps. But SL is now open source. I
think the only way to properly handle security issues detected is to
make everybody aware of them. Not to select a few deemed "white hats"
to be informed but all people who work with the code. Be assured the
"black hats" do the same.

One additional point @ Henri. You are registered with your RL details
@ LL. As such I don't see a point with anonymity here. There is none.

Merry Xmas!

Boy

http://my.opera.com/boylane