[Mailman-Users] security heads up - path traversal with 2.1.5

Brad Knowles brad at python.org
Mon Feb 14 14:40:15 CET 2005

At 2:09 PM +0100 2005-02-14, Florian Weimer wrote:

>  The underlying assumption seems to be that Mailman security bugs can
>  only be disclosed by posting them on the Mailman lists.

	We have no more control over what you say or do on other lists 
than any other developer.  Yes, if there is a security bug, we would 
prefer that you come talk to us first, and let us work on getting a 
patch created and the appropriate announcements made, etc....

	However, when you use our mailing lists, on our servers, to 
discuss our software, I think we have a reasonable expectation that 
you will follow the requirements that we may have regarding what we 
consider to be "responsible conduct", and to comport yourself 

	If you are unwilling or unable to agree to such a simple 
requirement, then maybe you shouldn't be subscribed to these mailing 

Brad Knowles <brad at python.org>          Python.org Postmaster Team

More information about the Mailman-Users mailing list