On Tue, 27 Jul 2010 12:36:37 am Stefan Behnel wrote:
geremy condra, 26.07.2010 16:29:
I've noticed that I don't have a lot of success in shifting this kind of debate, so I'm not sure it's a good idea to publicly discuss vulnerabilities in something that may wind up being implemented as-is, but it's up to you guys.
Hmm, security by obscurity? That's a good idea. Let's do that more often.
Shhh! Don't tell anybody! *wink* But seriously, I don't think Geremy is suggesting security by obscurity. It seems to me that he's merely suggesting that we are discreet about discussing vulnerabilities unless we have a plan to fix them. Whether such discretion is useful is an open question. It may be that the cat is already out of the bag and it's too late to be discreet, so we might as well not bother. -- Steven D'Aprano