[Mailman-Users] any info on this reported exploit?
brad at stop.mail-abuse.org
Fri Jan 27 00:59:08 CET 2006
At 5:53 PM -0500 2006-01-26, Jim Popovitch wrote:
> Fair enough. I would like to find a way for myself (and other Mailman
> admins) to be in that appropriate place. This doesn't mean all Mailman
> users, perhaps their should be a pre-screened
> mailman-site-admins at python.org list.
IMO, this is the correct place.
>> I don't think that we can do anything more than this, and I don't
>> think it's reasonable to expect anything more than this.
> I just want to add that, from a site admins perspective, no advanced
> knowledge about a need to update/upgrade is a bad situation. Imagine
> finding out on Friday afternoon that there is a new critical fix (where
> the bug was known for weeks by the vendor) for a system that you
> responsible for maintaining.
Imagine being a vendor/author of a given piece of software, and
have someone else ask a question on your most public mailing list
about a bug that someone else claims to have known about for months,
only this is the first time you're hearing of it.
> Some admins like quiet weekends and
> well-planned upgrades. Having advanced knowledge of what is involved
> makes perfect sense to me.
Yeah, authors and vendors don't like nasty surprises, either.
Fortunately, in this case it is a known issue (which others have
apparently decided to portray in a very different way), and which has
already been addressed (as described by Tokio).
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
More information about the Mailman-Users