unisoft 363 Posted 8 hours ago

20 hours ago, RanmaCanada said:
And this is why I said that people here were making a mountain out of a molehill, and yet they still thought they knew better.

This doesn't alter the fact there should be a dedicated security page where facts can be published and the process of reporting new security issues. It would help everyone and avoid posts like yours where the community is either arguing against each other or towards the developers.
RanmaCanada 553 Posted 3 hours ago

5 hours ago, unisoft said:
This doesn't alter the fact there should be a dedicated security page where facts can be published and the process of reporting new security issues. It would help everyone and avoid posts like yours where the community is either arguing against each other or towards the developers.

They do have a dedicated security page, it's just not on the forums, it's where it's supposed to be, on the GitHub pages. There is also nothing to stop people from looking at the CVE pages to see what the dangers are, as everything is typically spelled out there in plain English (exactly what I posted). Yes we have a lot of ignorant users on the forums, but anyone with a functional brain would know to look at these places, and dumbing things down to the common people is something that I'd argue only needs to be done when it's something serious, which the dev team has done in the past, and this was not serious. Otherwise, people blow things out of proportion and get their knickers in a twist and start saying things they don't understand while puffing out their chests and act like they understand what they are talking about. A little knowledge is dangerous, specially when those that have it don't understand what they have while claiming they do.
unisoft 363 Posted 2 hours ago

1 hour ago, RanmaCanada said:
They do have a dedicated security page, it's just not on the forums, it's where it's supposed to be, on the GitHub pages. There is also nothing to stop people from looking at the CVE pages to see what the dangers are, as everything is typically spelled out there in plain English (exactly what I posted). Yes we have a lot of ignorant users on the forums, but anyone with a functional brain would know to look at these places, and dumbing things down to the common people is something that I'd argue only needs to be done when it's something serious, which the dev team has done in the past, and this was not serious. Otherwise, people blow things out of proportion and get their knickers in a twist and start saying things they don't understand while puffing out their chests and act like they understand what they are talking about. A little knowledge is dangerous, specially when those that have it don't understand what they have while claiming they do.

Odd then that Microsoft, Apple, Oracle and many others have dedicated web pages for it and don't expect end customers to know about GitHub and trawling it. You make an incorrect assumption that everyone is dumb or common people. CVE numbers can point to a security vulnerability, but they don't always tell you the full range of products affected and versions or mitigating workarounds that a software vendor would. If the information is clear and severity level clear then nobody is going to get their knickers in a twist like you say. I expect the info on the software vendor's web site without having to go to 3rd party places. It's a response from them for a start...
softworkz 5254 Posted 47 minutes ago (edited)

I am sure that every Microsoft, Apple or Oracle customer would cry with happiness for having the opportunity to get direct answers from the people in charge in a forum.
softworkz 5254 Posted 46 minutes ago

But seriously: The idea is plausible for sure. In fact, during the botnet incident two years ago, we had started a "Security Incidents" section as part of the documentation. And it just didn't work out. We've been busy all the time and couldn't keep it up-to-date continuously. And when it was updated and users were pointed at it, they still continued to ask questions, including things that were answered there. Nobody cared about it and we were answering questions in the forums all the time. At the end, even I had forgotten about it and it wasn't even updated with the outcome but nobody ever came asking about it. Eventually the section was removed, because nobody was interested in this anymore.

We are small and cannot be compared with companies like MS, Apple & Co - this is a whole different world, and also we do not have that many security issues to deal with. In turn, a security page with less than a handful of incidents and maybe the newest being a year old would not make a good impression (people might easily draw wrong conclusions) and while there is an active incident, people would still be asking the same kind of questions and we'd see the same kinds of discussions like here (excepting the side-track about a "security page", but then probably about why it doesn't get updated by the minute).

If it were a larger number - it might be a different story. We'll see and adapt to the situation if necessary.