[Mailman-Users] any info on this reported exploit?

Jim Popovitch jimpop at yahoo.com
Thu Jan 26 23:53:48 CET 2006


Brad Knowles wrote:
> At 3:28 PM -0500 2006-01-26, Jim Popovitch wrote:
> 
>>  OK, that makes some sense to keep it hush-hush for a while.  HOWEVER, what
>>  is the process for notifying Mailman admins of temporary workarounds for
>>  this and any other situation?  I honestly don't want to wait for an
>>  official patch if there is an interim solution.
> 
>     You'll have to get the official word from Barry, but I'm sure that 
> as soon as there is any work around that has been determined, that would 
> be announced in the appropriate places.

Fair enough.  I would like to find a way for myself (and other Mailman 
admins) to be in that appropriate place.  This doesn't mean all Mailman 
users, perhaps there should be a pre-screened 
mailman-site-admins at python.org list.

>     In the meanwhile, this is the first I've heard of this matter, and I 
> don't have any more information to make available to you.
> 
>>  Brad, I can assume that many many other admins will want to know of
>>  "next-steps" for this problem.  What should we do to make sure we are
>>  kept in the loop if it isn't discussed/relayed somehow?
> 
>     Right now, there is no next step.  The matter needs to be handled 
> through the appropriate channels (which are reasonably secure).  Part of 
> that standard process would be making sure that a suitable announcement 
> is made at the appropriate time.
> 
>     I don't think that we can do anything more than this, and I don't 
> think it's reasonable to expect anything more than this.

I just want to add that, from a site admin's perspective, no advance 
knowledge about a need to update/upgrade is a bad situation.  Imagine 
finding out on Friday afternoon that there is a new critical fix (where 
the bug was known for weeks by the vendor) for a system that you are 
responsible for maintaining.  Some admins like quiet weekends and 
well-planned upgrades.  Having advance knowledge of what is involved 
makes perfect sense to me.

-Jim P.






