[Mailman-Users] security heads up - path traversal with 2.1.5
Brad Knowles
brad at python.org
Mon Feb 14 14:40:15 CET 2005
At 2:09 PM +0100 2005-02-14, Florian Weimer wrote:
> The underlying assumption seems to be that Mailman security bugs can
> only be disclosed by posting them on the Mailman lists.
We have no more control over what you say or do on other lists
than any other developer. Yes, if there is a security bug, we would
prefer that you come talk to us first, and let us work on getting a
patch created and the appropriate announcements made, etc....
However, when you use our mailing lists, on our servers, to
discuss our software, I think we have a reasonable expectation that
you will follow the requirements that we may have regarding what we
consider to be "responsible conduct", and to comport yourself
appropriately.
If you are unwilling or unable to agree to such a simple
requirement, then maybe you shouldn't be subscribed to these mailing
lists.
--
Brad Knowles <brad at python.org> Python.org Postmaster Team
More information about the Mailman-Users
mailing list