I understand why they're saying this, but it seems unlikely to matter much in practice. How often is a company that wants to pay for a service contract going to find a security bug in the first place? It seems to me that the big point of a service contract is that you're paying somebody else to think about bugs for you, so you probably aren't going to go digging for them in the first place. I guess you might be made aware of a bug if somebody actively exploits it against you, but I would assume the developers would take an active, in the wild bug seriously even if the people reporting it don't have a contract.
Note: you can avoid this step in the future by logging into your LWN account.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。