[kde-announce] KDE Security Advisory: Konqueror Referer Authentication Leak

Aaron J. Seigo aseigo at kde.org
Wed Jul 30 21:41:16 CEST 2003


On Wednesday 30 July 2003 08:14, Rob Kaper wrote:
> On Tue, Jul 29, 2003 at 07:56:16PM +0200, Dirk Mueller wrote:
> > > Why does it take 18 days to release a security update?
> >
> > It takes the time it needs to ship the fix.
> I would say that three business days should be enough for any
> self-respecting, commercial, professional distribution. I'm talking about
> the security fix here, not a complete KDE upgrade.

i'm unsure how to reply, as i'm not sure whether you are speaking from an 
informed position re: security or whether you are simply speaking from a 
theoretical standpoint. i say this because your argument sounds like that of 
someone who has a theoretical understanding, rather than a practical one, of
the topic.

have you ever been directly involved with mandating and performing the 
security processes of a substantial software project, or involved in 
providing security services to such a project? if so, would you mind offering 
an example?

please note that the above isn't meant as insult, any more than you asking me
if i had ever skydived would be an insult if we were talking about safety 
precautions involved in skydiving. =)

-- 
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43


More information about the Kde-policies mailing list