Yeah I did. As I said, maybe they thought this was going to reach the postfix crowd, but they name them in the article, indicate they're effected, and yet made no attempt to directpy inform the postfix guys?
From the wording of postfix's announcement, it's possible they did disclose the vulnerability itself, but witheld some kind of important information, whatever that means. Or else we have to take for granted that the postfix crew are lying about it.
Either way, why would you publish literally right before Christmas? People need time to check if they're affected and update or patch systems. At best it's highly inconsiderate, and it seems more negligent than inconsiderate.
From the wording of postfix's announcement, it's possible they did disclose the vulnerability itself, but witheld some kind of important information, whatever that means. Or else we have to take for granted that the postfix crew are lying about it.
Either way, why would you publish literally right before Christmas? People need time to check if they're affected and update or patch systems. At best it's highly inconsiderate, and it seems more negligent than inconsiderate.