Reporting security vulnerability

Steve Dodier-Lazaro sidnioulz at
Fri Jun 7 12:50:07 CEST 2013


I think you're being confused. It is a very common and logical practice to
let developers write a fix before disclosing a bug that might yet have to
be exploited, so that users have a protection available when disclosure
occurs. Bugs are usually disclosed without fix only when the software
maintainer refuses to provide one.

"Security" by obscurity refers to trying to make something "hard" to
exploit by hiding information, using awkward architecture designs, this
kind of stuff.

Steve Dodier-Lazaro
Information Security Research Group
University College London
Free Software Developer
OpenPGP : 1B6B1670
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Xfce4-dev mailing list