[eric_h]

I've not commented either way on the subject in this thread, but personally I would much rather have read this as a writeup 2 or 3 months from now after the discoverer had responsibly disclosed the vulnerability and Apple had a chance to patch it.

On the other hand, I'm glad that I have this information so I know not to install High Sierra on my work iMac (sitting on a desk in a WeWork behind a door whose lock would be very easy to force open) until this is fixed.

[Edit: I now see that there's a simple workaround (change the root password and keep root enabled), so I'm all for "irresponsible disclosure" in this case]

[eric_h]

As an addendum apple released a fix for this less than 48 hours after it was reported (I think I've got the timeframe right), so there's something to be said for irresponsibly disclosing to light a fire under the ass of whomever is responsible for fixing a vulnerability.