[Distutils] a plea for backward-compatibility / smooth transitions

Donald Stufft donald at stufft.io
Tue Jul 30 09:07:07 CEST 2013


On Jul 30, 2013, at 3:01 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:

> I don't know what I'm supposed to infer from such a statement, except that I
> probably don't want to trust you. You might think that "publish[ing] working
> exploits into the wild" is some kind of heroic, altruistic act, but I think few
> people would agree.


Full Disclosure is a common practice amongst security professionals when
the upstream project is unwilling to rectify the problem. So yes, I do think
the practice of Full Disclosure is an altruistic act and oftentimes the only
thing that gets people who don't care to pull their head out of the sand
and actually care.

If you don't believe my words on it, here's an essay by Bruce Schneier,
one of the foremost experts on security and a well-respected and
well-trusted member of the security community.

https://www.schneier.com/essay-146.html

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
