[development] Irresponsible security researcher

Daniel F. Kudwien news at unleashedmind.com
Wed May 13 08:36:10 UTC 2009

> He is just one more who does not believe in the practices of 
> the community.

You, he, me, and everyone else is free to believe whatever one wants to

As long as this belief does not result in actions that harm someone else.

Justin Klein Keane's publications harm the Drupal community and Drupal site
owners at glance.  We, the Drupal community, set up and agreed on the
security review and announcement process the way it works today.  His posts
are hi-jacking this process; and that's why he is absolutely irresponsible -
no matter whether his findings are valid or not.

The result of Justin Klein Keane's actions is that people may think that
Drupal is insecure - not providing fixes for potential security
vulnerabilities that may exist.  Contrary to what Justin Klein Keane thinks;
he does not help anyone.  Justin's assumpations only make things worse.

True is that we cannot prevent him from doing so.

True is also that he is not respecting the Drupal community and Security
Team by doing so.

But true is also that we do not have to respect him for his actions if he
even continues to harm everyone after trying to get him on board.


More information about the development mailing list