Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

Andres Petralli wrote:

> Look, I compiled this FREE package for everyone to use, now the only
> thing I do is tracking who used it. Do you think this is a privacy
> violation?

Andres, I don't think it's a privacy violation, I KNOW it's a privacy
violation.

It wouldn't be if you disclosed it before install in a manner that no
one would miss.

But you didn't bother to tell us.

That makes your contribution quite suspect.

> I could ask money for it and not give the package to you
> until you sign a contract and give me your full name, including your
> birthday.

Maybe you should have; then we would have known you wanted the
information.

> Is that a deal to you? Well, the only thing that is
> interesting in that e-mail is the kind of hardware people are using, and
> this gives me an idea what kind of system I will expect when I'm doing
> more of those packages.

Then why didn't you tell us in advance?

> Your hostname, by the way, is public anyway as
> everything is public on the web. And now tell me which information in
> this e-mail is sensitive to your privacy?!

That's good, Andres, first gather information directly from our
computers without telling us, and then argue with us that it's okay.

That's a great way to make us feel comfortable with you.

Taking the admin email address alone, even if you'd done nothing else,
is improper.  I don't give out my addresses unless I want to.  Plain and
simple.

Sorry, you made a mistake.  Until and unless we get a believable
heartfelt apology we're going to have trouble believing in your good
intentions.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484