[sorbus]

Are you saying that the fact that this issue doesn't effect many people means that it's not a serious security problem?

[bonzoesc]

He's saying that since the issue doesn't affect many people it didn't get found right away. It is a serious security problem for businesses that use Mac OS X with LDAP. However, it's not a serious security problem for me.

[sorbus]

It's been known for just under a month, since five days after OS X Lion was released, so that interpretation of his statement seems incorrect.

[tptacek]

In the interest of expedience, let me be blunt: very few security researchers give a shit about how OS X Server uses LDAP.

We're all pretty busy lately, too.

(-2. You guys are funny. In case it matters: I'm not being snarky. They really don't).

[bonzoesc]

> This looks both real and a pretty serious issue (I wonder how it went by almost a month without getting picked up by the security community).

Followed by:

> Not many people in the security community use Mac servers in such a way that they need LDAP, and of those people, very few are running Lion on their servers.

Therefore, we see that Mr. Ptacek thinks "it went by almost a month without getting picked up by the security community" because "Not many people in the security community use Mac servers".