Quote:
Originally Posted by -=Sniper=-
Have I said Jelsoft should be held reposible for anything made by 3rd party, where SHOW ME! Jelsoft choose not to inform users when they discover a security issue but only and as quickly as the release the fix.
So its fine for Jelsoft not to inform its users but not me? you don't seem to make sense, you are asking me to inform all my hack users, then why not Jelsoft?
|
So because Jelsoft follows such a practice that makes it ok for you to do so?
Quote:
|
who said it does? so you like Jelsoft practices but not mine, its a shame that the practices are exactly the same! yet you see a difference? I wan't to try and make sure when I inform users of a security issue I issue the fix at the same time, if I am unable to fix its fair to say I should inform them with 24 hours IF i can't fix it!
|
We aren't talking about Jelsoft, though you keep trying to use them as your defense. So again you advocate leaving the end user and their customers vulnerable to cover your own reputation. Nice.
Quote:
|
the same again applies with every script out there not matter who creates it, if no one reports a security issue, it won't be fixed. Remember the user reporting has done so in good faith so the issue can be fixed, no doubt there are users who won't report it and rather take advantage. Ones a issue becomes public it becomes a race to get the fix out before even more users are able to take advantage. Now the minority has become the majority. And now there's more pressure on the mod creator.
|
You have no idea if the exploit has already been know by others and is only now being reported by a responsible person. But apparently the risk to the people who are using your mods means nothing to you save what it means to your reputation should it be found out that your mod has a security flaw.
Quote:
|
Wait so Jelsoft have the right to make the decision for you and I don't? why not me? Wheres my right? So you trust Jelsoft more than the coders here.
|
Again, quit trying to use Jelsoft's practices as an excuse for your own. If you or I have an issue with how Jelsoft handles security for vBulletin it belongs over at the vb.com site, not here. We are talking about security risks in the mods available here.
Quote:
Originally Posted by hambil
Jelsoft has made it abundantly clear they have no liability for any mods on this site, period.
|
That means absolutely nothing and would not prevent Jelsoft from being drug into court should someone decide to sue them over a vulnerability in a mod obtained from here. It also does not necessarily mean they will win either, particularly if they were aware of a security vulnerability in a given mod and allowed it to continue to be available and did not warn those who had it installed.
Quote:
Originally Posted by hambil
Jelsoft has made it abundantly clear they have no liability for any mods on this site, period.
@Sniper: I'd focus your arguments on staff and not get sidetracked by posts from members, for what my opinion is worth  |
So the opinions of the users of these mods doesn't matter? Guess I should have already realized that from those coders who are condoning leaving the users vulnerable because announcing a flaw in their code might hurt their reputations.
I've been programming for better than 20 years and I'm quite aware that stuff happens and vulnerabilities occur. It's a fact of life when programming. What I have an issue with are those coders who are willing to leave their users hanging and at risk rather than notify them immediately of the risk and then working to get a fix out as fast as possible. That's just plain irresponsible. I have a lot more respect for the coder who thinks of their users first and their reputations second.
More Information