[Mailman-Users] any info on this reported exploit?
jimpop at yahoo.com
Thu Jan 26 23:53:48 CET 2006
Brad Knowles wrote:
> At 3:28 PM -0500 2006-01-26, Jim Popovitch wrote:
>> OK, that makes some sense to keep it hush-hush for a while. HOWEVER,
>> is the process for notifying Mailman admins of temporary workarounds for
>> this and any other situation? I honestly don't want to wait for an
>> official patch if there is an interim solution.
> You'll have to get the official word from Barry, but I'm sure that
> as soon as there is any work around that has been determined, that would
> be announced in the appropriate places.
Fair enough. I would like to find a way for myself (and other Mailman
admins) to be in that appropriate place. This doesn't mean all Mailman
users, perhaps their should be a pre-screened
mailman-site-admins at python.org list.
> In the meanwhile, this is the first I've heard of this matter, and I
> don't have any more information to make available to you.
>> Brad, I can assume that many many other admins will want to know of
>> "next-steps" for this problem. What should we do to make sure we are
>> kept in the loop if it isn't discussed/relayed somehow?
> Right now, there is no next step. The matter needs to be handled
> through the appropriate channels (which are reasonably secure). Part of
> that standard process would be making sure that a suitable announcement
> is made at the appropriate time.
> I don't think that we can do anything more than this, and I don't
> think it's reasonable to expect anything more than this.
I just want to add that, from a site admins perspective, no advanced
knowledge about a need to update/upgrade is a bad situation. Imagine
finding out on Friday afternoon that there is a new critical fix (where
the bug was known for weeks by the vendor) for a system that you
responsible for maintaining. Some admins like quiet weekends and
well-planned upgrades. Having advanced knowledge of what is involved
makes perfect sense to me.
More information about the Mailman-Users