[FreeNX-kNX] Policy for handling security problems

[Gian Filippo Pinzari]

Hi,

we recently found that SecurityFocus had filed an advisory for a suppo-
sed security problem only affecting FreeNX, not NoMachine. At Security-
Focus they said that the security problem had been reported by a Linux
vendor. Unfortunately I can confirm that we had never discussed this
issue with anybody at SecurityFocus or at this Linux vendor.

For the future, I propose that people get in contact with our support
staff for reporting bugs and possible security issues. It's not nice
to find yourself mentioned in a security advisory without even knowing
what people are talking about.

I don't know if this has become the standard in this industry, but I
think that this is not in the interest of the users. What users need are
quick response time, timely fixes and correct communication. I'm happy
to say that, so far, this has worked wonderfully well with Fabian, Kurt
and the other FreeNX people.

/Gian Filippo.