[Mailman-Users] any info on this reported exploit?

[Brad Knowles]

At 5:53 PM -0500 2006-01-26, Jim Popovitch wrote:

>  Fair enough.  I would like to find a way for myself (and other Mailman
>  admins) to be in that appropriate place.  This doesn't mean all Mailman
>  users, perhaps their should be a pre-screened
>  mailman-site-admins at python.org list.

	IMO, this is the correct place.

>>      I don't think that we can do anything more than this, and I don't
>>  think it's reasonable to expect anything more than this.
>
>  I just want to add that, from a site admins perspective, no advanced
>  knowledge about a need to update/upgrade is a bad situation.  Imagine
>  finding out on Friday afternoon that there is a new critical fix (where
>  the bug was known for weeks by the vendor) for a system that you
>  responsible for maintaining.

	Imagine being a vendor/author of a given piece of software, and 
have someone else ask a question on your most public mailing list 
about a bug that someone else claims to have known about for months, 
only this is the first time you're hearing of it.

>                                Some admins like quiet weekends and
>  well-planned upgrades.  Having advanced knowledge of what is involved
>  makes perfect sense to me.

	Yeah, authors and vendors don't like nasty surprises, either.

	Fortunately, in this case it is a known issue (which others have 
apparently decided to portray in a very different way), and which has 
already been addressed (as described by Tokio).

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.