Adam Back wrote:
I think HP were wrong, and find their actions in trying to use legal scare tactics reprehensible: they should either negotiate a price, or wait for the information to become generally available.
Amen. Incidentally I was put under a lot of pressure when releasing the OpenSSL advisory a few weeks ago to allow CERT to notify "vendors" before going on general release. I have a big problem with this - who decides who are "vendors", and how? And why should I abide by their decision? Why should I pick CERT and not some other route to release the information? Also, if the "vendors" were playing the free software game properly, they wouldn't _need_ advance notification - their customers would have source, and could apply the patches, just like real humans. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com