Security policy and secrecy

From @geebotron on Tue May 10 2016 16:30:20 GMT+0000 (UTC)

I’m interested in your security policy.

On this page you request serious security vulnerabilities in IPFS be reported privately and not made public. This is in contrast to, say, the OpenBSD security policy which encourages full public disclosure.

I’m interested to know how you think your policy improves the security of someone who hosts a “live” IPFS node, given that any vulnerability you have been made aware of may also have been circulated among other “organizations”?


Copied from original issue: https://github.com/ipfs/faq/issues/118