Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
- To: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
- From: Mike Ely <me@xxxxxxxxxxxx>
- Date: Tue, 13 Aug 2013 09:52:45 -0700

Seems to me we have two positions that aren't that far apart but due to various
reasons the conversation has devolved into something less worthy of a public
discussion than most of what I see on Bugtraq. FWIW I'm in the camp of "ship
the software with secure defaults" but at the same time I agree that Reindl
makes a valid point when he asks what exactly one means by "secure" (even if I
don't agree with his reasoning in this case).

That said, the conversation has really taken an ugly turn, and I am humbly and
only speaking for myself requesting that all concerned take some time to cool
off, go for a walk (down to the pub if that helps), and come back with a focus
more on the technical question at hand rather than the emotional response that
has been rising to the top.

Thanks,
Mike