Re: [Full-disclosure] Apache suEXEC privilege elevation / inform
Seems to me we have two positions that aren't that far apart but due to =
various reasons the conversation has devolved into something less worthy =
of a public discussion than most of what I see on Bugtraq. FWIW I'm in =
the camp of "ship the software with secure defaults" but at the same =
time I agree that Reindl makes a valid point when he asks what exactly =
one means by "secure" (even if I don't agree with his reasoning in this =
case).
That said, the conversation has really taken an ugly turn, and I am =
humbly and only speaking for myself requesting that all concerned take =
some time to cool off, go for a walk (down to the pub if that helps), =
and come back with a focus more on the technical question at hand rather =
than the emotional response that has been rising to the top.
Thanks,
Mike=
討論串 (同標題文章)
完整討論串 (本文為第 29 之 32 篇):