Why did we use this phrase?

David Miller justdave at syndicomm.com
Thu Jan 9 09:44:00 UTC 2003

On 1/9/03 9:44 AM +0000, Gervase Markham wrote:

>>>Why did we use that second sentence in our advisory? Taken at its
>>>obvious meaning, it's totally untrue, and it makes us look like clueless
>>>idiots who don't know the first thing about web app security.
>> We didn't.
> Oh. :-) I'm sure I noticed that phrase in one of our drafts. But maybe I
> was hallucinating.

We didn't.  Trust me.  I went ballistic when I saw Debian's advisory and
went back to check to make sure. :)  I raised hell with both them and
SecurityFocus over it (SecurityFocus had that wording on their website as
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/

More information about the developers mailing list