[quiklink]

Quote:

Originally Posted by hambil

But those examples aren't like 'everything'. They are life and death. Anytime something is a matter of life and death companies always immediately inform everyone (let's not get into automobile recalls that are not done or delayed - yes companies make evil decision, too but as a rule in life and death people are immediately informed).

Nothing on this site will kill you.

Wow, just wow. So the damage to my business through the loss or compromise to data on my system through a security vulnerability you created means nothing. It's more important that your reputation be protected. Nice attitude.

And again trying to defend this position by basically saying, 'well others do it so I should be able to as well'...

Quote:

Originally Posted by -=Sniper=-

well have you considered the FACT instructing users to uninstall a mod would do the same thing, not everyone backups their data or knows that on on uninstalling the mod it would remove the related database tables. Now the mod could be a gallery or a article system etc

That's the end user's problem not yours. As I said before you can't fix stupid. If they haven't been backing up their data, that's their fault. That aside, there is also the matter of compromised data, such as personal information being stolen, the possibility of root server accces through the vulnerability, etc.

Sorry, there is NO excuse or reasonable reasoning for not informing the end user immediately upon the discovery of a security issue.

Quote:

Originally Posted by Marco van Herwaarden

We will not be sending out emails to users with the advice to 'uninstall' anymore. We will advice non-destructive methods. If we can already give a really more tailored advice at this time i am not so sure about yet.

Good to hear. Keep up the good work guys!