[sldev] Viewer security vulnerability disclosure group

[Gordon Wendt]

> On Fri, Dec 26, 2008 at 2:40 PM, Gordon Wendt <GordonWendt at gmail.com>
> wrote:
> > If it's
> > something without a quick fix that can be fixed or even just mitigated
> > client side I trust Nicholaz and the other 3rd party viewer makers more
> than
> > LL to get a good patch out to their users.
>
> I'm confused at the distinction here.  If I take "without a quick fix"
> to mean something like "LL thinks the ETA for the fix is far enough in
> the future that sending separate disclosure to third-party viewer
> maintainers makes sense", this sounds a lot like an early disclosure
> group to me.  What's the difference?
>
> Celierra


My bad for not being more clear, by disclosing the problem I meant to
everyone not just to the "select" group of people.  If LL can't get a fix
out in time and especially if it's something that can be mitigated then
everyone should know about it so that they can at least do their best to
mitigate their exposure to it and  if it's a client side issue possibly
patch it themselves before LL can.

-G.W.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20081227/c0753dc9/attachment.htm