It seems that they don't know the meaning of responsible disclosure. They
should have given you some time
before going public. Unfortunately there are plenty of drama queens in the
IT security field.

All responsible disclosure be gone, for I want to have the attribution:
first post is all that matters.
It builds cred among the "customer base".



----appa



On Fri, Apr 26, 2013 at 10:28 AM, Maxim Konovalov <maxim@nginx.com> wrote:

> Hello,
>
> On behalf of the nginx team I want to let the community know that we
> are aware of the recent security announce[*] and working on the
> issue. We will share our conclusion when get more details about its
> nature and impact.
>
> * http://www.securityfocus.com/archive/1/526439/30/0/threaded
>
> --
> Maxim Konovalov
> +7 (910) 4293178
> http://nginx.com/services.html
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx