mazzilliu
Caldari Sniggerdly Pandemic Legion
|
Posted - 2011.04.12 03:12:00 -
[1]
apparently the guy who first reported the issue and later got banned said that his initial exploit report was incomplete, but there was no ccp effort to get him to elaborate.
perhaps it would be an improvement to have some sort of followup for security related reports, in case the reporter does not understand how to properly demonstrate an exploit, to try to get him to communicate clearly, rather than brush them off as another incomplete bug report or potential troll. i think if that happened the forums might have gone down some time sooner.
|
mazzilliu
Caldari Sniggerdly Pandemic Legion
|
Posted - 2011.04.12 15:51:00 -
[2]
Originally by: CCP Sreegs
Originally by: Mag's I know you point out that there are good and bad ways, to report an exploit. I also understand the stance, of not discussing administrative actions.
That being said, one person did petition the issue at hand with details. The forum was taken down, only for it to go back up again, in the same sorry state. It was only a post from said banned person after this, that meant the forums were taken down again. Although he did break rules, it was in your best interest that he did.
Does this make it right, well no. But you all seemed so caught up with getting them back on asap, that you missed the point completely. He did want he deemed was the fastest most direct way, of pointing out that you had failed to heed the warnings.
How can we have any faith in the petition system, that this won't happen again? Many, many petitions get answered with a copy & paste reply, without the content seemingly even being read.
The forums were actually brought back up in a different sorry state.
I can't discuss administrative actions means I can't discuss administrative actions, which means I can't discuss your speculation.
You can have faith in the fact that if you follow the procedures I outlined you'll never get into any trouble and I will see and action on your problem. I specifically gave the email because I'm still working on making sure things like this don't get lost in the petition system.
confirming the security email is the way to go. issues ive reported in the past got addressed and the fact that i'm not banned does say something.
|