On 4/16/08, Jim Popovitch wrote:
I can appreciate the significance of that situation. I don't know that I have a solution other than to ask what does ClamAV or SpamAssassin do in similar situations?
Dunno. Do they have to support twenty different languages?
Can those translations only be started once the mainline English-language code has been frozen, because the strings in the English-language version are used as the keys for the translated versions of the strings in other the other languages?
I believe I shepherded theidea, some time ago, of the need for a closed Mailman security team of both developers and involved site administrators.
There is one. See FAQ 1.27. It's secure enough that even I don't have access to it, although I'm sure that Barry, Mark, Tokio, and other critical people do.
I would say if aproven trusted group of Mailman site administrators privately discussed and tested a security fix, then I would have no problem with fixes being committed and released at once.
That's what you've got with the way RCs are handled today.
Although a "heads up!"would be nice too. ;-)
That's what you've got with the way RCs are handled today.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>