[development] Irresponsible security researcher

[Chris Johnson]

Not that we need to have an extensive discussion on this character,
but I'm in agreement with sun.  JKK is -- as one subculture of slang
in America would say -- "dissing" [1] the Drupal community and
security team.  And although it is only the written word, I detect a
personality in his writings which is not the kind of person I'd want
to work with or associate with.  It's not just that he disagrees, but
that he thinks he is better and the rules (if any) in any situation do
not apply to him.

But as sun wrote, there's not much we can do.  It probably won't help
our cause to intentionally irritate him.

[1] http://en.wiktionary.org/wiki/diss

On Wed, May 13, 2009 at 3:36 AM, Daniel F. Kudwien
<news at unleashedmind.com> wrote:
>> He is just one more who does not believe in the practices of
>> the community.
>
> You, he, me, and everyone else is free to believe whatever one wants to
> believe.
>
> As long as this belief does not result in actions that harm someone else.
>
>
> Justin Klein Keane's publications harm the Drupal community and Drupal site
> owners at glance.  We, the Drupal community, set up and agreed on the
> security review and announcement process the way it works today.  His posts
> are hi-jacking this process; and that's why he is absolutely irresponsible -
> no matter whether his findings are valid or not.
>
> The result of Justin Klein Keane's actions is that people may think that
> Drupal is insecure - not providing fixes for potential security
> vulnerabilities that may exist.  Contrary to what Justin Klein Keane thinks;
> he does not help anyone.  Justin's assumpations only make things worse.
>
>
> True is that we cannot prevent him from doing so.
>
> True is also that he is not respecting the Drupal community and Security
> Team by doing so.
>
> But true is also that we do not have to respect him for his actions if he
> even continues to harm everyone after trying to get him on board.
>
>
> sun
>
>