There has been some confusion over today’s security vulnerability and our policy on responsible disclosure and account suspension that I’d like to clear up.
[I think they’ve covered this fairly well. Not awesome, but fairly well. The biggest problem is that they weren’t completely forthright about what happened in their first blog post. Maybe they should’ve have waited a little while longer before posting… but I’m Monday morning QB’ing here. It’s all too common for people to take an all or nothing response to everything. They’re the best! They’s the worst! But that’s too easy. Rarely is life so binary. Besides, it’s all too easy to throw stones and in case there were two large targets… Rails and Github. Meh to all. ]