Oh, Sorry didn't catch the whole thread. I can agree with that. I thought you were still saying it was ok for them to wait to announce the problem until they had a fix, which I think is wrong.
>>I don't think that's too much to ask.
>
>You're right, thats not too much. It also isn't what we're talking about. I'm saying that full disclosure of security and privacy flaws including all detail and even exploitation code is not a good thing.
Tony
Skill comes from Diligence