I must say, I don't think keeping the exploits secret, when the software is not going to be changed to address them, is a good idea. Apparently the appropriate line of defense (I agree with what Chip Salzenberg said at the end of the thread) is with the dev anyway. I R DEV. THIS THREAD IS IN MY INTEREST.
And how many $s does it take to corrupt a perl dev on that list and get a zero day?
There is no basis to insinuate corruption in Perl's security list. This is a red herring. Responsible disclosure has two parts: RESPONSIBLE and DISCLOSURE. Reini has failed at disclosure, and his continued baseless rumormongering fails at responsibility.