And I think whether there was incomplete preparation for reception
of the security report in the XOOPS community in Japan.
Though the vender was in other countries in this case,
It was a user in Japan that used it, and used it on the site in Japan.
We have the receipt entrance and bug-tracking, it corresponds to the
security and the function demand to the XOOPS core and appending modules.
Even if the function demand of the module made by the third party is spoken
in our forum, we don't have the receipt entrance of the security to them.
The report can be able to forget in many cases or are reported
directly by the vender if lucky. It is difficult for the user
to report in the language that is not the mother tongue.
There are such circumstances, too.
# Moreover, a lot of Japanese know the event that a certain Japanese
# was arrested by the police recently because of crossing of the way
# of the security report (If you want to learn it in detail, please
# look for by the key words of "Office" and "ACCS".)
The fate of the delivered report is various.
- It will not have been.
- Time hangs in the answer.
- The fix is quietly done on the vender site.
- It is made public only in a local XOOPS community.
- It is likely to be likely to be notified indirectly or directly
on this site by the vender himself or the third party.
Even if it is a module made by the third party, I want the flow
united a little more. It is easy to use for the developer
and each reporter, and is the certain one.
I think
CVE,
CERT/CC, and BugTraq to be the unsuitable one
in such a usage.
