[Mailman-Users] any info on this reported exploit?
jimpop at yahoo.com
Sun Jan 29 22:10:18 CET 2006
Brad Knowles wrote:
> At 2:11 PM -0500 2006-01-28, Jim Popovitch wrote:
>> The whole reason for me waxing so passionately on this thread is the
>> earlier suggestion that Diana shouldn't have even emailed mailman-users,
>> but rather mailman-security and kept it quiet thereafter (this after it
>> was already released over at securityfocus.com).
> Correct. See FAQ 1.27. That is the official Security Policy of
> this mailing list, and that information is included in the footer of
> every single mail message which passes through this list.
But, Diana wasn't emailing sensitive info. She was asking a very
important question about something that was already public. You then
told her that she should have gone to the secret-handshake club. Are
you suggesting that all "Hey, has this been fixed yet" questions should
be off list and only one-on-one with mailman-security?
> In this case, no harm was done, since the bug had already been
> "fixed" through the work that Tokio had done in creating the next
> release of the code, and the real problem was the disconnect in what we
> were calling the bug and what they were calling it. But the potential
> was certainly there.
> But if you can't adhere to the official Security Policy of this
> mailing list, then you shouldn't be posting here, and you shouldn't be
er, Right.... (the elitism really shines through Brad).