Quote:
Originally Posted by Branch Delay
I wish someone would have paid me off. I'd gladly take cash over internet thanks. 
pdurrant hit the nail on the head. |
I think we can all accept the process of responsible disclosure, also If there is a need for further testing, before an open release "as a packaged jailbreak" we'd be all for it.
But there is the process also - you didn't publicly disclose the exact deadline you gave Amazon to react, you didnt disclose the nature of the exploit and the potential dangers it imposes to the ecosystem (- which again, you usually do), and when Amazon finally responded - you communicated, that it was a last minute action, that you would have to honor it - because, this still is a process of responsible disclosure, and then went dark. Asking for our understanding - that you would hold the interests of the company over our interests as a public.
At the time I honestly interpreted it as "fishing for connections" as well. As mostly coming from a position of self interest.
Within the normal responsible disclosure process you openly communicate a deadline. Once a direct contact to the company is established and talks are under way - you may and possibly even should allow them some leeway getting their bugfix release ready - but still leave a persistent notion that you plan to release.
You finally did that - but only after being asked to, and after some people already started to voice their frustrations about possibly missing out on a release.
So while we still very much want this exploit to be released in the form of a jailbreak, and _would_ pander to receive it
- there is this notion that you have softballed the issue in regards to the corporate communication side of things.
So if slight criticism is allowed, I have to hit you with some.
Just in the interest of a fair representation of the proceedings.
Also I wont turn this into something bigger than it is - and am very prepared to drop it. In fact, thats what I will do right after I hit post..